A newly released exploit can disable the write protection of critical firmware areas in Lenovo ThinkPads and possibly laptops from other vendors as well. Many new Windows security features, like Secure Boot, Virtual Secure Mode and Credential Guard, depend on the low-level firmware being locked down. The exploit, dubbed ThinkPwn, was published earlier this week by a researcher named Dmytro Oleksiuk, who did not share it with Lenovo in advance. This makes it a zero-day exploit -- an exploit for which there is no patch available at the time of its disclosure. ThinkPwn targets a privilege escalation flaw in a Unified Extensible Firmware Interface (UEFI) driver, allowing an attacker to remove the flash write protection and to execute rogue code in the SMM (System Management Mode), a privileged operating mode of the CPU.
LizardStresser, the DDoS malware for Linux systems written by the infamous Lizard Squad attacker group, was used over the past year to create over 100 botnets, some built almost exclusively from compromised Internet-of-Things devices. LizardStresser has two components: a client that runs on hacked Linux-based machines and a server used by attackers to control the clients. It can launch several types of distributed denial-of-service (DDoS) attacks, execute shell commands and propagate to other systems over the telnet protocol by trying default or hard-coded credentials. The code for LizardStresser was published online in early 2015, giving less-skilled attackers an easy way to build new DDoS botnets of their own. The number of unique LizardStresser command-and-control servers has steadily increased since then, especially this year, reaching over 100 by June, according to researchers from DDoS mitigation provider Arbor Networks.
The infrastructure used by an Iranian cyberespionage group to control infected computers around the world has been hijacked by security researchers. Researchers from Palo Alto Networks came across the group's activities earlier this year, but found evidence that it has been operating since at least 2007. Its main tool is a custom malware program dubbed Infy, which was repeatedly improved over the years. The researchers have worked with domain registrars to seize the domains used by the attackers to control Infy-infected computers and to direct victims' traffic to a sinkhole server -- a server the researchers controlled. Control of the server was then transferred to the Shadowserver Foundation, an industry group that tracks botnets and works with ISPs and other parties to notify victims.
A Google security researcher has found high-severity vulnerabilities in enterprise and consumer products from antivirus vendor Symantec that could easily be exploited by hackers to take control of computers. Symantec released patches for the affected products, but while some products were updated automatically, some affected enterprise products could require manual intervention. The flaws were found by Tavis Ormandy, a researcher with Google's Project Zero team who has found similar vulnerabilities in antivirus products from other vendors. They highlight the poor state of software security in the antivirus world, something that has been noted by researchers.
Attackers have compromised more than 25,000 digital video recorders and CCTV cameras and are using them to launch distributed denial-of-service (DDoS) attacks against websites. One such attack, recently observed by researchers from Web security firm Sucuri, targeted the website of one of the company's customers: a small bricks-and-mortar jewelry shop. The attack flooded the website with about 50,000 HTTP requests per second at its peak, targeting what specialists call the application layer, or layer 7. These attacks can easily cripple a small website because the infrastructure typically provisioned for such websites can handle only a few hundred or a few thousand simultaneous connections.
A new ransomware program making the rounds uses a simple, yet effective technique to make user files inaccessible: locking them in password-protected ZIP archives. The new threat is called Bart and shares some similarities -- in the ransom note in particular -- with Locky, a much more widespread ransomware program. It is distributed through spam emails that masquerade as photos. The emails have ZIP attachments that contain JavaScript files. These files can be run directly on Windows without additional software and are an increasingly common way to distribute malware.
After repeated attacks, the U.S. Internal Revenue Service has decided to retire a Web-based tool for obtaining PINs that taxpayers could use to file tax returns electronically. The Electronic Filing (E-file) PINs Web application is no longer available on the IRS website "because of questionable activity," the agency announced last week. In February, the IRS disclosed that hackers used stolen taxpayer information like names, Social Security numbers, dates of birth and full addresses in order to obtain E-file PINs through its website.
Lenovo has fixed two high-severity vulnerabilities in the Lenovo Solution Center support tool that is preinstalled on many laptop and desktop PCs. The flaws could allow attackers to take over computers and terminate antivirus processes. Lenovo Solution Center (LSC) allows users to check their system's virus and firewall status, update their Lenovo software, perform backups, check battery health, get registration and warranty information and run hardware tests. The two new vulnerabilities, tracked as CVE-2016-5249 and CVE-2016-5248 in the Common Vulnerabilities and Exposures database, were found by security researchers from Trustwave. They affect LSC versions 3.3.002 and earlier.
A hybrid Trojan program created for financial fraud has started redirecting users of four large U.S. banks to rogue websites in order to hijack their accounts. GozNym is a relatively new threat, first discovered in April, and is based on the Nymaim malware dropper and the Gozi banking Trojan. Like most banking Trojans, GozNym can inject rogue code into banking websites displayed in local browsers in order to steal credentials and other sensitive information. However, in addition to this old technique, the cybercrime gang behind it has also built the necessary infrastructure to host rogue copies of banking websites, and they've started to redirect victims there.
The prevalence of ransomware programs, both those that encrypt data and those that don't, has exploded over the past two years, with companies being increasingly targeted. Based on an analysis by security vendor Kaspersky Lab, more than 2.3 million users encountered ransomware between April 2015 and March, a jump of almost 18 percent over the previous 12 months. This includes programs that only lock the computer's screen to prevent its use as well as those that hold the data itself hostage by encrypting it -- the so-called cryptors. The rise of cryptors in particular has been significant, accounting for 32 percent of all ransomware attacks last year compared to only 7 percent the year before, according to Kaspersky Lab.