Jeremy Kirk

Author Archives: Jeremy Kirk

Android malware masquerades as Nintendo game emulator

A new family of Android malware adds insult to injury by making users pay for the data-stealing application. Palo Alto Networks found three variants of the malware, which it calls Gunpoder, masquerading as emulator applications used to play Nintendo games. Antivirus engines are having trouble detecting Gunpoder’s malicious code since it is packaged with an adware library called Airpush, wrote Cong Zheng and Zhi Xu of Palo Alto’s Unit 42 research group. “The malware samples successfully use these advertisement libraries to hide malicious behaviors from detection by antivirus engines,” they wrote. “While antivirus engines may flag Gunpoder as being adware, by not flagging it as being overtly malicious, most engines will not prevent Gunpoder from executing.” To read this article in full or to leave a comment, please click here.

Italian surveillance software maker, Hacking Team, allegedly breached

An Italian developer of surveillance software, Hacking Team, which has previously been sharply criticized by digital activists, has apparently suffered a large data breach. Hacking Team develops surveillance tools that it has maintained are legally sold to governments for law-abiding investigations. But critics contend the company’s software has been used to spy on dissidents, human rights activists and journalists. On Sunday, it appeared that Hacking Team’s Twitter feed was taken over. The banner on the page had been changed to “Hacked Team.” Several posts contained screenshots that are purportedly of the stolen data, which included emails sent by Hacking Team’s founder and CEO, Vincent Vincenzetti.

Bitcoin glitch expected to abate as software upgrades continue

Bitcoin experienced a glitch over the weekend that is expected to be resolved as software clients that handle transaction data are upgraded. Some software clients that “mine” bitcoins are creating invalid transaction data, which are referred to as blocks. Blocks are records of transactions, and the first miner to complete a block is rewarded with new bitcoins. The blocks are added to bitcoin’s public ledger, called the blockchain. Some software clients that had not been recently upgraded are accepting invalid blocks created by other clients, according to a notice posted on bitcoin.org.

Plex hacker demands Bitcoin ransom for return of data

Video streaming service Plex has reset user passwords after it was breached by a hacker who threatened to release stolen data unless he’s paid a ransom. The company found out on Wednesday that a server hosting its forum and blog had been compromised, Chris Curtis, a Plex support engineer, said in a blog post. Information including IP addresses, email addresses, private forum messages and encrypted passwords was exposed. Someone going by the nickname “Savata” claimed responsibility for the breach and threatened to release the data on torrent networks if a ransom wasn’t paid in bitcoins.

DEA agent pleads guilty to accepting Silk Road funds

A Drug Enforcement Administration agent intimately involved in the Silk Road investigation admitted on Wednesday he secretly accepted bitcoins from the underground website’s operator and illegally took other funds. Carl Mark Force IV, who was a DEA agent for 15 years, pleaded guilty to money laundering, obstruction of justice and extortion under color of official right, according to the plea agreement, filed in U.S. District Court for the Northern District of California. Force could face up to 20 years in prison on each of the counts. Force, who was based in Baltimore, was part of a multi-agency task force investigating the Silk Road, an underground marketplace for goods such as drugs and fake ID documents. It was shut down in October 2013.

FTC settles with developers of sneaky cryptocurrency mining app

The developers of a mobile app called Prized that secretly mined cryptocurrencies on people’s mobile phones have settled with the U.S. Federal Trade Commission after being accused of deceptive trade practices. Equiliv Investments and Ryan Ramminger, both of Ohio, settled for US$50,000, of which $44,800 will be suspended upon payment of $5,200 to New Jersey regulators, the agency said in a news release Monday. The suit was filed in U.S. District Court for the District of New Jersey last Wednesday.

Banking malware proves tough to repel

Companies are finding it tough to keep out new types of banking malware, which continue to get better following the bar-raising threat known as Zeus. The malicious programs all aim to swiftly and secretly steal credentials for online bank accounts, with some specializing in making large, unauthorized wire transfers from businesses using the ACH (Automated Clearing House) system. A study by the firm SecurityScorecard, which specializes in tracking a company’s risk of intrusion, found more than 4,700 organizations that were infected by some type of advanced banking malware. SecurityScorecard collected the data in part by using sinkholes, or computers that researchers control which are part of a network of infected machines, known as a botnet. An analysis of those sinkholes can lend insight into how many machines may be infected with a particular type of malware.

Magento e-commerce platform targeted with sneaky code

Attackers are using a sneaky method to steal payment card data from websites using Magento, eBay’s widely used e-commerce platform. Researchers from Sucuri, a company that specializes in securing websites, said the attackers can collect any data submitted by a user to Magento but carefully filter out anything that doesn’t look like credit card data. The attackers are injecting their malicious code into Magento, but it’s still unclear how that process happens, wrote Peter Gramantik, a senior malware researcher with Sucuri. “It seems though that the attacker is exploiting a vulnerability in Magento core or some widely used module/extension,” he wrote.

Cisco warns of default SSH keys shipped in three products

Cisco Systems said Thursday it released a patch for three products that shipped with default encryption keys, posing a risk that an attacker with the keys could decrypt data traffic. The products are Cisco’s Web Security Virtual Appliance, Email Security Virtual Appliance and Security Management Virtual Appliance, it said in an advisory. Versions downloaded before Thursday are vulnerable. Cisco said it “is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.” The three products all shipped with preinstalled encryption keys for SSH (Secure Shell), which is used to remotely log into machines. It’s considered a bad security practice to ship products that all have the same private keys.

Florida telemarketer, under FTC watch, suffers data breach

A Florida-based computer tech support call center has suffered a data breach, with customer records being abused by fraudsters trying to get access to online bank accounts. The data breach is the latest problem for Advanced Tech Support, an inbound call center based in Boca Raton, which is run by Inbound Call Experts. Last November, those two companies and others were sued by the Federal Trade Commission in U.S. District Court for the Southern District of Florida, for allegedly duping callers into buying overpriced computer support services and unnecessary security software.

Swedish man sentenced for powerful Blackshades malware

The creator of a tool that was used to steal data from a half-million computers will go to prison for close to five years, the U.S. Department of Justice said Tuesday. Alex Yucel, 25, of Sweden, pleaded guilty in February in a New York federal court to one count of distributing malicious software. He was sentenced to four and three-quarter years in prison and must forfeit $200,000, according to a news release.

RubyGems DNS flaw now patched after second try

A revised patch has been released for a flaw in the distribution platform for Ruby applications, RubyGems, which could be used to deliver malware to someone trying to download a program. RubyGems lets people search for a “gem,” which is a packaging format for Ruby applications and code libraries. Ruby developers publish a gem when an application is ready. Security researchers from Trustwave found a problem with the platform. When people search for a gem, RubyGems uses a DNS (Domain Name System) SRV record request to find a server hosting a particular gem. The request, however, “does not require that DNS replies come from the same security domain as the original gem source,” according to a writeup, which Trustwave plans to release on its blog on Tuesday.

How encryption keys could be stolen by your lunch

Israel-based researchers said they’ve developed a cheaper and faster method to pull the encryption keys stored on a computer using an unlikely accomplice: pita bread. The new study builds on research into what can be learned from the electronic signals that waft from computers while performing computations, often referred to as side-channel attacks. By studying the electronic signals, researchers have shown it is possible to deduce keystrokes, figure out what application a person is using or discover the secret encryption keys used to encrypt files or emails.

LinkedIn says private bug bounty program works for it better

LinkedIn plans to continue closely vetting researchers for its bug bounty rewards program, saying it reduces the number of distracting erroneous and irrelevant reports. The decision to keep its program private “gives our strong internal application security team the ability to focus on securing the next generation of LinkedIn’s products while interacting with a small, qualified community of external researchers,” wrote Cory Scott, LinkedIn’s director of information security, in a blog post. Security researchers with vetted backgrounds are invited to participate, which allows them to have the same experience as if they were on LinkedIn’s internal security team, Scott wrote.

Free SSL/TLS certificate project moves closer to launch

Let’s Encrypt, a project aimed at increasing the use of encryption across websites by issuing free digital certificates, is planning to issue the first ones next month. Digital certificates are used to encrypt data traffic between a computer and a server using SSL/TLS (Secure Sockets Layer/Transport Layer Security) and for checking that a website isn’t a spoof. Let’s Encrypt is run by the Internet Security Research Group (ISRG), a new California public-benefit corporation. Its backers include Mozilla, the Electronic Frontier Foundation, Cisco and Akamai. The first certificates will not be valid unless administrators install the organization’s root certificate in their client software, wrote Josh Aas, ISRG’s executive director, in a blog post.

How a bad keystroke can lead you to SpeedUpKit ‘scareware’

Dozens of misspelled domain names that spoof major brands are leading unsuspecting PC users to a questionable tune-up application called SpeedUpKit. Since people are unlikely to seek out the application, its promoters rely partly on people misspelling the domain name for prominent brands to lead them to it. If you try to access the obituary website legacy.com from a Windows PC in the U.S., for instance, but type “legady” by accident, you’re likely to end up on a page promoting SpeedUpKit. The practice, known as typosquatting, can sometimes violate consumer protection laws or constitute trademark infringement. Big brands police the web for such misspellings, and domain name registrars often try to stop the practice, but it still happens.

Duqu 2.0 used digital certificates belonging to Foxconn

A deeper look into the latest version of malware known as Duqu shows it used digital certificates from prominent contract manufacturer Foxconn Technology Group to help mask its activity. Kaspersky Lab, which published a report on Duqu 2.0 last week, wrote in a blog post Monday that a 64-bit driver within the malware employed a digital certificate signed by Hon Hai Precision Industry, also known as Foxconn. Digital certificates are used for encrypting data and verifying the legitimacy of websites and applications. Using a digital certificate issued to a trusted organization makes it less likely that an application is going to be detected as harmful.

With payroll in arrears, online antivirus seller shuts doors

The sudden shutdown of a computer tech support call center has left some of its employees wondering if they will be paid. EZ Tech Support, based in Portland, Oregon, took calls from people who had advertising software installed on their computers that warned of possible security and performance problems. The programs implored people to call the company’s number, which was displayed amid warnings. The company stopped taking calls earlier this week, according to two former EZ Tech Support employees. Contacted by email, its general manager, Gavynn Wells, said he no longer worked there and was “unclear as to the direction the company will be going into.”