Author Archives: Jeremy Kirk

Hacking group that hit South Korea may be at it again with new target

A hacking group that crippled South Korean banks, government websites and news agencies in early 2013 may be active again, Palo Alto Networks said Wednesday. The firewall maker said it found strong similarities between malware used in a recent attack in Europe and that used in the South Korean attacks, referred to as Dark Seoul and Operation Troy. The organization in Europe that was attacked was likely a victim of spear-phishing, where an email with a malware attachment or a harmful link is sent to hand-picked employees. The malware had been wrapped into legitimate video player software that was hosted by an industrial control systems company, wrote Bryan Lee and Josh Grunzweig of Palo Alto in a blog post. The code appears to be the same as the malware used in the Dark Seoul attacks, although without the destructive component that wipes hard drives.

Damballa finds tools related to the malware that hit Sony

Security company Damballa said it has found two utilities that are closely related to capabilities seen in the destructive malware that hit Sony Pictures Entertainment last year. The utilities were discovered as Damballa was investigating a new version of the "Destover" malware, which rendered thousands of computers unusable at Sony after attackers stole gigabytes of sensitive company information. One key question in the Sony breach is how the attackers were able to evade security systems. What Damballa found are two utilities that help mask new files introduced to a system. "Both utilities would be used during an attack to evade detection while moving laterally through a network to broaden the attack surface," wrote senior threat researchers Willis McDonald and Loucif Kharouni in a blog post on Wednesday.

SentinelOne adds feature to restore files hit by ransomware

SentinelOne has added a feature to its endpoint detection products that can restore files encrypted by ransomware, a common type of attack in which cybercriminals encrypt a victim's files and demand payment to unlock them. The "rollback" feature will be available in the 1.6 versions of its Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR) products at no charge, said Dal Gemmell, director of product management. SentinelOne is among several vendors that are trying to displace traditional antivirus vendors with products that detect malware using deep behavioral analysis rather than signature-based detection. The company's products use a lightweight agent on endpoints such as laptops and desktops, which watches the core of the operating system, the kernel, as well as user space, trying to spot changes that might be linked to malware.

How Cisco is trying to keep NSA spies out of its gear

Cisco is working to build the confidence of prospective customers in its products, two years after disclosures of spying by the U.S. National Security Agency seeded doubt, particularly in China. It is putting more stringent security requirements on its suppliers and has launched a beta program that allows customers to analyze its products in a highly secure environment before buying. The efforts are intended to introduce more transparency to allay growing concerns over how supply chains could be opportunistically used by spies and cybercriminals. "I worry about manipulation, espionage and disruption," said Edna Conway, chief security officer of Cisco's global value chain, in a recent interview. "We worry about tainted solutions, counterfeit solutions and the misuse of intellectual property."

Blackhole exploit kit makes a surprising encore appearance

The Blackhole exploit kit has made a surprising reappearance two years after cybercriminals stopped using it, according to security vendor Malwarebytes. Exploit kits are frameworks planted on Web pages that probe visiting computers for software flaws in order to silently install malware. Blackhole was one of the most popular exploit kits, but it faded from prominence after its alleged creator, who went by the nickname Paunch, was arrested in Russia. The kit was sold or rented to other cybercriminals in the underground economy for hacking tools.

New Dell partnership throws doubt on traditional antivirus programs

A partnership announced by Dell on Tuesday shows how cybersecurity defenses are evolving, which could have wide-ranging effects on vendors like Symantec, McAfee and Trend Micro. The PC giant has partnered with Cylance, an Irvine, California-based company that specializes in detecting and blocking attacks on endpoint computers. Early next year, Dell will wrap Cylance's Protect product in its Data Protection Endpoint Security Suite, said Brett Hansen, Dell's executive director of data security solutions. The suite is an integrated package with encryption capabilities, authentication features and malware detection.

Ransom attacks likely to fade as small email providers resist

The spate of cyberattacks against email providers is likely to pass with time as they refuse to pay ransoms. But that doesn't mean the attacks haven't cost them. Since early this month, the list of companies that have been attacked has grown longer: first ProtonMail of Switzerland, followed by HushMail, RunBox, VFEmail, Zoho and FastMail of Australia. The companies have typically received extortion requests by email asking for 10 or 20 bitcoins in exchange for not being subjected to distributed denial-of-service (DDoS) attacks. DDoS attacks involve sending a large amount of data traffic to a company's network, causing the service to choke and go offline.

Cybercriminals turn to video ads to plant malware

Cybercriminals have been delivering malware through online display ads for years, but they appear to be making headway with a new distribution method: video advertisements. Both methods of attack, known as malvertising, can have a broad impact and are a major headache for the ad industry. A single malicious advertisement, distributed to several highly trafficked sites, can expose tens of thousands of computers to malware in a short time. Some ad networks and publishers have taken steps to vet their ads more thoroughly, but criminals are constantly on the lookout for weaknesses. An attack detected about two weeks ago shows how cybercriminals are showing more interest in creating malicious video ads.

Ransomware for Mac is nothing to worry about — for now

Apple computers haven't been hit by ransomware, a pervasive and insidious class of malware that encrypts files on a computer and demands a ransom for the key to decrypt them. That's not because Apple's operating system is any more secure than Windows; it's more that malware writers haven't gotten around to writing ransomware for OS X, since infecting Windows machines has been so profitable. However, a Brazilian security researcher, Rafael Salema Marques, decided to show how easy it would be for malware writers to target OS X, in a polished experiment that took him a couple of days.

ProtonMail comes back online, shores up DDoS defenses

ProtonMail, the Switzerland-based encrypted email service, has found its footing again after a wild ride over the past week. The free service has said it was hit by two different groups using distributed denial-of-service (DDoS) attacks that took it offline. Now it has partnered with Radware, which offered its DDoS mitigation service for a "reasonable price," allowing service to resume, ProtonMail wrote in a blog post on Tuesday. "The attackers hoped to destroy our community, but this attack has only served to bring us all together, united by a common cause and vision for the future," the company wrote.

Comodo fixes bug that led to issuance of banned digital certificates

Comodo said Monday it fixed a bug that led to the issuance of some now-banned digital certificates. Other CAs might have the same problem, too. Under new rules from the CA/Browser Forum (CAB) that came into force on Nov. 1, certification authorities (CAs) are not supposed to issue new SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificates for internal host names, meaning names that cannot be verified as globally unique in the public DNS because they do not end in a registered top-level domain. Comodo had been preparing for the rule change, but a "subtle bug" was introduced in its issuing system on Oct. 30, wrote Rob Stradling, senior research and development scientist, in a post on the CAB Forum.
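The rule Comodo's issuing system stumbled over is mechanical enough to express as a pre-issuance check. The Python below is an added example, not Comodo's code and not anything published by the CAB Forum: it applies the Baseline Requirements' definition of an Internal Name (a host name that does not end in a TLD from the IANA Root Zone Database) and rejects reserved IP literals under the same lint. `TLD_SUBSET` is a constructed, deliberately short stand-in for the real IANA list, and the sample SAN list in `main` is constructed as well.

```python
"""Pre-issuance lint for internal names in a certificate request.

Added example, not Comodo's or the CAB Forum's code. It encodes two rules
a publicly trusted CA must enforce before signing:
  * an Internal Name is any host name that does not end in a TLD found in
    the IANA Root Zone Database (single-label names such as "mail" or
    "localhost" therefore always count as internal);
  * reserved IP literals (RFC 1918, loopback, link-local, etc.) may not
    appear either.
"""
import ipaddress

# Constructed subset of IANA root-zone TLDs. A production linter loads the
# full, current list (https://data.iana.org/TLD/tlds-alpha-by-domain.txt)
# at run time rather than hard-coding it.
TLD_SUBSET = {"com", "net", "org", "ch", "uk", "de", "io", "info"}


def is_reserved_ip(value):
    """Return True/False for an IP literal, or None if value is not an IP."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return None
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def is_internal_name(name, tlds=TLD_SUBSET):
    """True if `name` may not appear in a publicly trusted certificate."""
    name = name.strip().rstrip(".").lower()   # normalise FQDN dot and case
    if not name:
        return True
    reserved = is_reserved_ip(name)
    if reserved is not None:                  # IP literal: reserved ranges fail
        return reserved
    labels = name.split(".")
    if labels[0] == "*":                      # wildcard: judge the base name
        labels = labels[1:]
    if len(labels) < 2:                       # "mail", "localhost", "intranet"
        return True
    return labels[-1] not in tlds             # unknown TLD => internal name


def lint_san_list(sans, tlds=TLD_SUBSET):
    """Return the names in a SAN list that must block issuance."""
    return [s for s in sans if is_internal_name(s, tlds)]


if __name__ == "__main__":
    # Constructed sample request mixing public and internal names.
    request = ["www.example.com", "mail", "intranet.corp", "10.0.0.5",
               "8.8.8.8", "*.example.ch", "server.local"]
    blocked = lint_san_list(request)
    if blocked:
        print("refusing to issue; internal names present:", blocked)
    else:
        print("request passes the internal-name check")
```

Running the check against every request, with the TLD list refreshed from IANA rather than embedded, is what turns the Nov. 1 rule into something a regression in the issuing pipeline cannot silently bypass.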

No surprise here: Adobe’s Flash is a hacker’s favorite target

Adobe Systems' Flash plugin gets no love from anyone in the security field these days. A new study released Monday shows just how much it is favored by cybercriminals to sneak their malware onto computers. It looked at more than 100 exploit kits, which are frameworks planted in Web pages that automatically probe for software vulnerabilities when a user browses to a page. Those who develop exploit kits are often hired by others to help distribute specific kinds of malware. Of the top 10 vulnerabilities found in the exploit kits, eight of them were targeted at Adobe's Flash plugin, used on millions of computers to play multimedia content, according to Recorded Future, a cybersecurity intelligence firm based in Somerville, Massachusetts.

Dangerous bugs leave open doors to SAP HANA systems

Onapsis says it has found the most serious software flaws yet in SAP's HANA platform, the in-memory database that underpins many of the German company's products used by large companies. Eight of the flaws are ranked critical, the highest severity rating, since attackers could use them to delete data, steal customer information and financial statements, or change product pricing data. "We found a lot of stuff under the carpet," said Mariano Nunez, CEO of Onapsis, a Boston-based security company that focuses on protecting SAP systems. What is remarkable is that several of the 21 vulnerabilities found by Onapsis were remotely exploitable, meaning an attacker could gain access to HANA from afar over the Internet.

ProtonMail recovers from DDoS punch after being extorted

The last few days have not been easy for ProtonMail, the Geneva-based encrypted email service that launched last year. Earlier this week, the service was extorted by one group of attackers, then taken offline in a large distributed denial-of-service (DDoS) attack by a second group that it suspects may be state sponsored. ProtonMail offers a full, end-to-end encrypted email service. It raised more than US$500,000 last year after a blockbuster crowdfunding campaign that sought just $100,000. Now, it bills itself as the largest secure email provider, with more than 500,000 users. Creating an account is free, although ProtonMail plans to eventually introduce a paid-for service with additional features.

How a mobile app company found the XcodeGhost in the machine

Nick Arnott couldn't figure out recently why Apple kept rejecting an update to a mobile app his company developed. It turned out the problem was a ghost in the machine. His company, Possible Mobile, is well versed in the App Store submission rules and has built apps for JetBlue, Better Homes & Gardens and Major League Soccer. The rejection came after it was discovered in mid-September that thousands of apps in the App Store had been built with a counterfeit version of an Apple development tool, Xcode. The fake version, dubbed XcodeGhost and probably developed in China, had been downloaded by many developers from third-party sources, apparently because fetching the roughly 4GB Xcode package from Apple took too long.

Apple wages battle to keep App Store malware-free

Apple is facing growing challenges keeping suspicious mobile applications out of its App Store marketplace. Over the last two months, researchers have found thousands of apps that could potentially have stolen data from iOS devices. While the apps were not stealing data, security experts said it would have been trivial for attackers to configure them to do so. Apple has removed some of the affected apps since it was alerted by security companies. But the problems threaten to taint the App Store's years-long reputation for being high quality and malware free. Apple officials didn't have an immediate comment.

Many US enterprises still running XcodeGhost-infected Apple apps, FireEye says

Dozens of U.S. enterprises are still using Apple mobile apps seeded with malware through a clever hacking scheme revealed last month, known as XcodeGhost. The computer security firm FireEye said Tuesday it has detected 210 enterprises that are still using infected apps, showing that the XcodeGhost malware "is a persistent security risk," according to a blog post. Last month, more than 4,000 applications were found to have been built with a counterfeit version of Xcode, Apple's application development tool.

PageFair says small percentage of users were at risk from attack

PageFair, an Irish ad analytics company, said Monday a small percentage of users were at risk after attackers compromised its systems over the weekend. CEO Sean Blanchfield wrote that 501 publishers that use the company's JavaScript tag were affected. Ninety percent of those publishers have fewer than ten million page views per month, and 60 percent have fewer than one million page views per month, he wrote. PageFair has calculated that about 2.3 percent of the visitors to those sites would have been at risk of being infected. The attackers gained access to a key email account at PageFair and then used it to reset the password for a PageFair account at a content distribution network (CDN).
