Jeremy Kirk

Author Archives: Jeremy Kirk

Instead of news, UK paper delivered ransomware

A major UK newspaper is cleaning up its website after criminals tried to deliver ransomware to thousands of its readers. The attack affected the blogs section of The Independent newspaper's website, Joseph C. Chen, a fraud researcher with Trend Micro, said in a blog post Tuesday. "We have already informed The Independent about this security incident and are working with them to contain the situation," Chen wrote. "For their part, the news website staff was quick to respond and take action to mitigate the risk this event posed to the website itself and its user base."

Former Secret Service agent sentenced for corruption in Silk Road investigation

A former Secret Service agent was sentenced Monday to 71 months in prison for stealing bitcoins from vendors on the Silk Road, the now-shuttered underground marketplace he was investigating. Shaun W. Bridges, 33, of Laurel, Maryland, must also forfeit US$650,000, the U.S. Justice Department said. Bridges pleaded guilty on Oct. 31 in the U.S. District Court for the Northern District of California to money laundering and obstruction of justice. He was one of two federal investigators charged with crimes committed during the probe of the Silk Road, which was shut down in October 2013.

Iran-based hackers may be tracking dissidents and activists, Symantec says

Hackers based in Iran have been using malware to spy on individuals, including potentially dissidents and activists in the country, according to new research from Symantec. The attacks aren't particularly sophisticated, but the hackers have had access to their targets' computers for more than a year, Symantec said, which means they may have gained access to "an enormous amount of sensitive information." Two groups of hackers, named Cadelle and Chafer, distributed malware that steals information from PCs and servers, including from airlines and telcos in the region, Symantec said.

New payment card malware hard to detect and remove

FireEye says it has discovered a type of malware designed to steal payment card data that can be very difficult to detect and remove. The cybercriminal group behind the malware, which FireEye nicknamed "FIN1," is suspected of being in Russia and has been known to target financial institutions. The malware, which FIN1 calls Nemesis, infected an organization that processes financial transactions, which FireEye did not identify. Payment card data is highly sought after by cybercriminals, who have in recent years targeted very large organizations that handle card data. Target, Home Depot and many others have reported large data breaches over the years. Some payment processors were also hit.

Millions of smart TVs, phones and routers at risk from old vulnerability

A three-year-old vulnerability in a software component used in millions of smart TVs, routers and phones still hasn't been patched by many vendors, thus posing a risk, according to Trend Micro. Although a patch was issued for the component in December 2012, Trend Micro found 547 apps that use an older unpatched version of it, wrote Veo Zhang, a mobile threats analyst. "These are very popular apps that put millions of users in danger; aside from mobile devices, routers, and smart TVs are all at risk as well," he wrote.

Microsoft, law enforcement disrupt Dorkbot botnet

Microsoft said Thursday it aided law enforcement agencies in several regions to disrupt a four-year-old botnet called Dorkbot, which has infected one million computers worldwide. The Dorkbot malware aims to steal login credentials from services such as Gmail, Facebook, PayPal, Steam, eBay, Twitter and Netflix. It was first spotted around April 2011. Users typically get infected by browsing to websites that automatically exploit vulnerable software using exploit kits and through spam. It also has a worm functionality and can spread itself through social media and instant messaging programs or removable media drives. Microsoft didn't provide much detail on how Dorkbot's infrastructure was disrupted. The company has undertaken several such actions over the last few years in cooperation with law enforcement.

Free digital certificate project opens doors for public beta

Let's Encrypt, the project offering free digital certificates for websites, is now issuing them more broadly with the launch of a public beta on Thursday. The beta label will eventually be dropped as the software they've developed is refined, wrote Josh Aas, executive director of the Internet Security Research Group (ISRG), which runs Let's Encrypt. "Automation is a cornerstone of our strategy, and we need to make sure that the client works smoothly and reliably on a wide range of platforms," he wrote. Digital certificates use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols to encrypt traffic exchanged between a user and a service, adding a higher level of privacy and security.

US, China take first steps toward cybersecurity cooperation

The U.S. and China have reached an agreement on how to begin cooperating on cybersecurity, an issue that has caused high tension between the two nations over the last few years. The agreement, reached in the first high-level meeting of its kind, calls for guidelines on sharing computer security information, a hotline to discuss issues, a so-called tabletop cybersecurity exercise and further dialog on concerns such as the theft of trade secrets. The U.S. and China have had a combative relationship on cybersecurity, which escalated in 2010 when Google directly accused China-based hackers of stealing its intellectual property.

Encrypted messaging app Signal available for desktops

The much-lauded encryption app Signal has launched a beta program for a desktop version of the app, which will run through Google's Chrome browser. Signal Desktop is a Chrome app that will sync messages transmitted between it and an Android device, wrote Moxie Marlinspike, a cryptography expert who had helped develop Signal, in a blog post on Wednesday. The app comes from Open Whisper Systems, which developed Signal's predecessors, Redphone and TextSecure, which were two Android applications that encrypt calls and messages. Both have been consolidated into Signal. Signal Desktop won't be able to sync messages with iPhone just yet, although there are plans for iOS compatibility, Marlinspike wrote. It also won't support voice initially.

Ransomware and scammy tech support sites team up for a vicious one-two punch

Symantec has seen a curious fusing of two pernicious online threats, which would cause a big headache if encountered by users. Some websites offering questionable tech support services are also dishing up ransomware, which locks up a user's files until they pay a fee to decrypt them. The support scams involve trying to convince users they have a computer problem and then selling them overpriced software or support services to fix it. It's often done via a pop-up message that urges people to call a number or download software.

Toy maker VTech says breach hit 6.4 million kids’ accounts

Educational toy maker VTech has said 11.6 million accounts were compromised in a cyberattack last month, including those of 6.4 million children. The total number of accounts affected is nearly double that reported last week by the security news site Motherboard, which interviewed a hacker who claimed credit for the breach. Most of the account holders were in the U.S., including 2.2 million parents and 2.8 million children, VTech said Wednesday in Hong Kong, where the company is based. France, the U.K., Germany and Canada round out the top five countries hit, VTech said in an updated FAQ.

Flaws in Huawei WiMax routers won’t be fixed, researcher says

Huawei isn't planning on patching several flaws in seven models of WiMax routers that are not being supported anymore by the company, according to a security researcher. Pierre Kim published a list of the affected models, which are still used in countries including Ivory Coast, Iran, Iraq, Libya, the Philippines, Bahrain and Ukraine. Kim notified Huawei of the problem on Oct. 28. He wrote that Huawei said the routers are no longer serviced by the company and would not be patched. The routers include the EchoLife BM626 WiMax CPE and associated models running the same firmware including the BM626e, BM635, BM632, BM631a, BM632w and the BM652.

Data breach of toy maker VTech leaked photos of children, parents

The data breach of Hong Kong toy manufacturer VTech appears to have also included photos of children and parents, adding to what could be one of the most surprising leaks of the year. VTech, which makes cordless phones and what it terms electronic learning devices for kids, apologized on Twitter on Monday. The company said it has suspended the affected service, called Learning Lodge, and is notifying customers. Vice's Motherboard tech news site, which first reported the breach, said on Monday the breach also contained thousands of photos of parents and kids and chat logs.

Microsoft zaps dodgy Dell digital certificates

Microsoft has updated several of its security tools to remove two digital certificates installed on some Dell computers that could compromise data. The updates apply to Windows Defender for Windows 10 and 8.1; Microsoft Security Essentials for Windows 7 and Vista; and its Safety Scanner and Malicious Software Removal tool, according to postings here and here.

VPN bug poses privacy threat to BitTorrent downloaders

A bug affecting some VPN services can be used to figure out a computer's real IP addresses, including those of BitTorrent users, which could pose a huge privacy and possibly a legal risk. The vulnerability affects those services that allow port forwarding, according to VPN provider Perfect Privacy, which wrote about the issue on Thursday. A successful attack requires a couple of conditions to be met: the attacker must be on the same VPN network as the victim, who also has to be lured into connecting to a resource controlled by the attacker.

Microsoft beefs up security products to block adware

Microsoft is adding a new opt-in defense for enterprises to block adware, which is often sneakily wrapped into free downloads. Adware is often classified as a potentially unwanted application, or PUA, an industry term for applications that aren't necessarily malware but could be a security or performance risk. "These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify among the noise, and can waste helpdesk, IT, and user time cleaning up the applications," according to a Microsoft blog post.

Dridex spam campaigns target the US, UK and France

The Dridex botnet, which targets financial credentials, appears to be gaining steam again, striking computers in the U.S., U.K. and France. Trend Micro is the latest security vendor to say it is seeing Dridex activity after the U.S. Department of Justice said last month it had significantly disrupted it in a joint action with the U.K. Sometimes referred to as Cridex or Bugat, Dridex is advanced malware that collects financial login details and other personal information that can be used to drain bank accounts. Trend has seen multiple spam campaigns sending out malicious attachments, such as Excel or Word documents, that could install Dridex, wrote Ryan Flores, a threat research manager.

This gizmo knows your Amex card number before you’ve received it

A device built by legendary hacker Samy Kamkar calls into question the security of payment cards as the U.S. continues to grapple with card fraud. Kamkar's device, nicknamed MagSpoof, is about the size of a U.S. quarter, and it's safe to say it would be a fraudster's dream. MagSpoof can predict what a new American Express card number will be based on a canceled card's number. The new expiration date can also be predicted based on when the replacement card was requested. It can also trick point-of-sale readers into accepting payment from cards that are supposed to have a microchip with advanced cryptographic capabilities designed to deter fraud, a system known as chip-and-PIN, but do not.

As China moves to payment cards, cybercriminals follow

As China increasingly embraces payment cards over cash, Trend Micro is seeing an uptick in cybercriminal activity aimed at card fraud. The security company published a new study of the Chinese underground cybercriminal market, which shows a strong interest in ways to capture payment card details. "Cybercriminals quickly jumped on the noncash payment bandwagon," wrote report author Lion Gu of Trend Micro's Forward-Looking Threat Research Team. The market for such tools has been strong in countries that heavily use payment cards, so it's probably not surprising that the trade would rise in China.

Dell security error widens as researchers dig deeper

The fallout from a serious security mistake made by Dell is widening, as security experts find more issues of concern. Researchers with Duo Security have found a second weak digital certificate in a new Dell laptop and evidence of another problematic one circulating. The issue started after it was discovered Dell shipped devices with a self-signed root digital certificate, eDellRoot, which is used to encrypt data traffic. But it installed the root certificate with the private encryption key included, a critical error that left many security experts aghast.
