Jeremy Kirk

Author Archives: Jeremy Kirk

Asprox botnet, a long-running nuisance, disappears

The Asprox botnet, whose malware-spamming activities have been followed for years by security researchers, appears to be gone. Since 2007, the botnet was used for effective spam campaigns that sought to trick people into downloading malware attachments in emails that purported to be court notices or notifications from services including FedEx, the U.S. Postal Service and American Airlines. But by January, the botnet seemed to be shut down, wrote Ryan Olson, intelligence director for Palo Alto Networks, in a blog post. Throughout 2014, the security company noticed the botnet was distributing Kuluoz, a malware program linked to Asprox.

MacKeeper customers can file a claim to get their money back

Customers of the oft-criticized security and performance program MacKeeper have until Nov. 30 to file a claim for reimbursement, the result of a proposed class-action suit settlement. Those who bought MacKeeper before July 8 are eligible, according to the settlement website where claims can be filed. The class action suit accused MacKeeper’s original developer, ZeoBIT, of deceptively advertising the program and making false claims about what it could fix. It was filed in May 2014 in the U.S. District Court for the Western District of Pennsylvania.

New malware turns your computer into a cellular antenna

A group of Israeli researchers have improved on a way to steal data from air-gapped computers, thought to be safer from attack due to their isolation from the Internet. They’ve figured out how to turn the computer into a cellular transmitter, leaking bits of data that can be picked up by a nearby low-end mobile phone. While other research has shown it possible to steal data this way, some of those methods required some hardware modifications to the computer. This attack uses ordinary computer hardware to send out the cellular signals. Their research, which will be featured next week at the 24th USENIX Security Symposium in Washington, D.C., is the first to show it’s possible to steal data using just specialized malware on the computer and the mobile phone.

ICANN resets passwords after website breach

The overseer of the Internet’s addressing system said Wednesday that someone obtained information related to user accounts for its public website, although no financial information was divulged. ICANN, short for the Internet Corporation for Assigned Names and Numbers, said user names, email addresses, encrypted passwords and other data, such as bios, interests and newsletter subscriptions, were contained in the accounts. Despite the breach, the accounts as well as internal ICANN systems do not appear to have been accessed, the organization said in a post on its website. Although an investigation continues, ICANN said the “encrypted passwords appear to have been obtained as a result of unauthorized access to an external service provider.” It did not name that provider.

Android device makers to release monthly security fixes

Google, Samsung and LG will start to issue monthly security patches for Android devices, taking a cue from the PC industry after critical vulnerabilities put hundreds of millions of smartphone users at risk. Security experts have warned for years that Android devices receive critical updates from manufacturers either too slowly or not at all. Phones and tablets have been increasingly targeted by hackers looking to steal data or defraud users. Google’s Nexus devices will get monthly over-the-air security patches, said Adrian Ludwig, lead engineer for Android security, at the Black Hat security conference in Las Vegas. “Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability, or 18 months from last sale of the device via the Google Store,” he wrote in a blog post.

Apple computers vulnerable to ‘Thunderstrike 2’ firmware worm

An improved attack on the firmware in Apple computers makes them vulnerable to hard-to-detect malware without even being connected to a network, according to a Black Hat conference presentation due to be given later this week. The new research highlights ongoing weaknesses in the low-level software that runs on every computer before an operating system is loaded. It comes from researchers Xeno Kovah and Corey Kallenberg of LegbaCore and Trammell Hudson of Two Sigma Investments. They showed earlier this year how they could infect a Mac’s firmware with malware by connecting malicious devices to them using Thunderbolt, Apple’s high-speed data transfer interface. The attack was dubbed Thunderstrike.

SDN switches aren’t hard to compromise, researcher says

Software-defined switches hold a lot of promise for network operators, but new research due to be presented at Black Hat will show that security measures haven't quite caught up yet. Gregory Pickett, founder of the Chicago-based security firm Hellfire Security, has developed several attacks against network switches that use Onie (the Open Network Install Environment). Onie is a small, Linux-based operating system that runs on a bare-metal switch. A network operating system is installed on top of Onie, which is designed to make it easy and fast for the OS to be swapped with a different one.

Sounds can knock drones out of the sky

Knocking a drone out of the sky is sometimes possible using an invisible weapon—sound. The vulnerability in some drones comes from a natural property of all objects—resonance. Take a wine glass: if a sound is created that matches the natural resonant frequency of the glass, the resulting effects could cause it to shatter. The same principle applies to components inside drones. Researchers at the Korea Advanced Institute of Science and Technology (KAIST) in Daejeon, South Korea, analyzed the effects of resonance on a crucial component of a drone, its gyroscope. Their paper will be presented next week at the 24th USENIX Security Symposium in Washington, D.C.

DNS server attacks begin using BIND software flaw

Attackers have started exploiting a flaw in the most widely used software for the DNS (Domain Name System), which translates domain names into IP addresses. Last week, a patch was issued for the denial-of-service flaw, which affects all versions of BIND 9, open-source software originally developed by the University of California at Berkeley in the 1980s. The flaw can be exploited with a single packet, crashing both authoritative and recursive DNS servers. Security analysts predicted that attackers would quickly figure out how to exploit the flaw, which has now happened. “We can confirm that the attacks have begun,” wrote Daniel Cid, CTO and founder of the security company Sucuri. “DNS is one of the most critical parts of the Internet infrastructure, so having your DNS go down, it also means your email, HTTP and all other services will be unavailable.”

Fake Apple iOS crash reports prove tricky to remove

Some Apple mobile users have been encountering a pop-up message that is particularly difficult to close. The message appears after a user has been redirected to a different domain, usually caused by viewing a malicious advertisement, wrote Jerome Segura, a senior security researcher with Malwarebytes. The message warns that a third-party application on the phone has caused the device to crash and includes a phone number where users can allegedly get their device fixed. Warnings such as this one are employed by technical support schemes, which convince people to call their support lines by falsely warning that their computers or devices have security or performance problems.

No building access card? No problem if you have new Def Con tools

RFID card access systems are used by most companies to let people into their buildings. But over the last few years, researchers have shown how these systems can be easily bypassed. Francis Brown, a partner at the computer security firm Bishop Fox, has been on the forefront of much of the research. In fact, he recognized some of his tools and methods being used in the TV program Mr. Robot, which has been noted for highly accurate technical detail. Lately, he’s been looking closely at breaching high- and ultra-high frequency RFID (radio-frequency identification) systems, which are increasingly being used for physical security systems. He’s due to give a presentation at this year’s Def Con Hacking Conference in Las Vegas early next month with a bevy of new and improved software and hardware goodies.

US Census Bureau says breach didn’t expose household data

The U.S. Census Bureau said a data breach early last week did not expose survey data it collects on households and businesses. The leak came from a database belonging to the Federal Audit Clearinghouse, which collects audit reports from government agencies and other organizations spending federal grants, wrote John H. Thompson, the Census Bureau’s director, on Friday. The exposed information included the names of people who submitted information, addresses, phone numbers, user names and other data, he wrote. A group calling itself Anonymous Operations posted a link on Twitter leading to four files. The cyberattack was allegedly in protest of the Trans-Pacific Partnership and the Transatlantic Trade and Investment Partnership, two pending trade agreements that have been widely criticized.

Google removes ‘porn clicker’ malware from Play Store

Google has removed dozens of apps from its Play Store that purport to be games but secretly click on advertisements on pornographic websites. Security company Eset found 51 new apps that contained the “porn clicker” component, which it first discovered in April in a fake app mimicking a video app called Dubsmash. Over the last three months, some 60 fake apps have been downloaded 210,000 times, showing how common it is for users to stumble across and download them. “Following ESET’s notification, Google has pulled the malware from the Play Store and also reports some of them as potentially harmful applications using its built-in security service,” wrote Lukas Stefanko, an Eset malware researcher.

Nigerian scammers buy exploit kits to defraud Asian businesses

A small group of Nigerian scammers is using more sophisticated methods to defraud mostly Asian businesses, including buying exploit kits and malware from experienced coders, according to a new report from FireEye. The security company said the group performs deep reconnaissance of its potential victims, jumping inside financial transactions in order to try to divert payments to their own accounts. The schemes are much more complex than so-called 419 or advance fee fraud scams, where random victims are induced to send funds in order to get a non-existent but much larger payoff.

Online ad industry tries to stamp out click fraud

The online advertising industry is marshaling a fresh effort to fight click fraud, which steals money from advertisers and undermines faith in online campaigns. The latest effort is focused on automated traffic caused by bots from within data centers that is intended to trigger ad impressions, according to the Trustworthy Accountability Group (TAG), an industry body. TAG is going to initially use a blacklist maintained by Google that lists suspicious IP addresses of computers in data centers that may be trying to replicate human clicks on advertisements. Ad-focused technology companies, including Facebook and Yahoo, will also contribute.

Spam rate falls below 50 percent for first time in a decade

Spam fell to less than 50 percent of all email in June, the lowest in a decade, Symantec said Thursday in its latest Intelligence Report. The levels of spam have been slowly falling since 2010 for multiple reasons. Network providers are more tuned into the problem and take action faster when there are issues on their services. Also, unlike six or seven years ago, sending billions of messages per day from massive botnets isn’t as feasible anymore. Law enforcement, along with companies including Microsoft, have aggressively gone after some of the largest botnets over the last few years and worked to technically shut them down. Although some botnet operators have been able in some instances to regain control, the increased attention makes it more difficult for them to work.

Bogus news app used to deliver Hacking Team spy tool

Data stolen from Hacking Team continues to yield information about the company’s infiltration techniques. The latest find is a fake Android news app, which was used to install its flagship surveillance tool. The app is called “BeNews,” the same name as a long-shuttered news website, wrote Wish Wu, mobile threat response engineer, on Trend Micro’s blog. Inside the app is a backdoor that appears to have been used to load the Android version of Hacking Team’s Remote Control System (RCS), also known as Galileo, a data-collecting tool the company sold to law enforcement and security agencies worldwide.

Google fine tunes spam catching tools

Google has reduced spam reaching inboxes to a fraction of a percent, but in the process sometimes misclassifies bulk-mailed messages like monthly statements and ticket receipts. It’s a big problem for large bulk emailers of legitimate messages. To deal with it, Google has created a toolset to help those mailers figure out what’s happening to their messages. Postmaster Tools is designed for administrators and provides information on delivery errors, spam reports and reputation, wrote Sri Harsha Somanchi, a Google product manager, in a blog post. Google is also trying to make its spam filter for consumer accounts more customizable. Although people can already classify messages by specifically labeling one as spam, what is spam to one person may be considered a desired communication by another.

Hacking Team claims terrorists can now use its tools

Hacking Team has warned that a devastating data breach it suffered will allow its spying tools to be used by criminals and terrorists. The Milan-based security company, which develops surveillance tools for mostly government clients, saw more than 400GB of internal data released on Sunday, including emails, client lists, financial information and source code. “Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so,” wrote Hacking Team spokesman Eric Rabe in a news release on Wednesday. “We believe this is an extremely dangerous situation.”
