A sophisticated Russian cyberespionage group is readying attacks against Mac users and has recently ported its Windows backdoor program to macOS.The group, known in the security industry as Snake, Turla or Uroburos, has been active since at least 2007 and has been responsible for some of the most complex cyberespionage attacks. It targets government entities, intelligence agencies, embassies, military organizations, research and academic institutions and large corporations."Compared to other prolific attackers with alleged ties to Russia, such as APT28 (Fancy Bear) and APT29 (Cozy Bear), Snake’s code is significantly more sophisticated, it’s infrastructure more complex and targets more carefully selected," researchers from Dutch cybsersecurity firm Fox-IT said in a blog post Wednesday.To read this article in full or to leave a comment, please click here
When Microsoft made it possible for enterprises to quickly resolve incompatibilities between their applications and new Windows versions, it didn't intend to help malware authors as well. Yet, this feature is now abused by cybercriminals for stealthy and persistent malware infections.The Windows Application Compatibility Infrastructure allows companies and application developers to create patches, known as shims. These consist of libraries that sit between applications and the OS and rewrite API calls and other attributes so that those programs can run well on newer versions of Windows.Shims are temporary fixes that can make older programs work even if Microsoft changes how Windows does certain things under the hood. They can be deployed to computers through Group Policy and are loaded when the target applications start.To read this article in full or to leave a comment, please click here
When Microsoft made it possible for enterprises to quickly resolve incompatibilities between their applications and new Windows versions, it didn't intend to help malware authors as well. Yet, this feature is now abused by cybercriminals for stealthy and persistent malware infections.The Windows Application Compatibility Infrastructure allows companies and application developers to create patches, known as shims. These consist of libraries that sit between applications and the OS and rewrite API calls and other attributes so that those programs can run well on newer versions of Windows.Shims are temporary fixes that can make older programs work even if Microsoft changes how Windows does certain things under the hood. They can be deployed to computers through Group Policy and are loaded when the target applications start.To read this article in full or to leave a comment, please click here
The Xen Project has fixed three vulnerabilities in its widely used hypervisor that could allow operating systems running inside virtual machines to access the memory of the host systems, breaking the critical security layer among them.Two of the patched vulnerabilities can only be exploited under certain conditions, which limits their use in potential attacks, but one is a highly reliable flaw that poses a serious threat to multitenant data centers where the customers' virtualized servers share the same underlying hardware.The flaws don't yet have CVE tracking numbers, but are covered in three Xen security advisories called XSA-213, XSA-214 and XSA-215.To read this article in full or to leave a comment, please click here
The Xen Project has fixed three vulnerabilities in its widely used hypervisor that could allow operating systems running inside virtual machines to access the memory of the host systems, breaking the critical security layer among them.Two of the patched vulnerabilities can only be exploited under certain conditions, which limits their use in potential attacks, but one is a highly reliable flaw that poses a serious threat to multitenant data centers where the customers' virtualized servers share the same underlying hardware.The flaws don't yet have CVE tracking numbers, but are covered in three Xen security advisories called XSA-213, XSA-214 and XSA-215.To read this article in full or to leave a comment, please click here
The Xen Project has fixed three vulnerabilities in its widely used hypervisor that could allow operating systems running inside virtual machines to access the memory of the host systems, breaking the critical security layer among them.Two of the patched vulnerabilities can only be exploited under certain conditions, which limits their use in potential attacks, but one is a highly reliable flaw that poses a serious threat to multitenant data centers where the customers' virtualized servers share the same underlying hardware.The flaws don't yet have CVE tracking numbers, but are covered in three Xen security advisories called XSA-213, XSA-214 and XSA-215.To read this article in full or to leave a comment, please click here
There's now a new tool that could allow companies to quickly block communications between malware programs and their frequently changing command-and-control servers.Threat intelligence company Recorded Future has partnered with Shodan, a search engine for internet-connected devices and services, to create a new online crawler called Malware Hunter.The new service continuously scans the internet to find control panels for over ten different remote access Trojan (RAT) programs, including Gh0st RAT, DarkComet, njRAT, ZeroAccess and XtremeRAT. These are commercial malware tools sold on underground forums and are used by cybercriminals to take complete control of compromised computers.To read this article in full or to leave a comment, please click here
There's now a new tool that could allow companies to quickly block communications between malware programs and their frequently changing command-and-control servers.Threat intelligence company Recorded Future has partnered with Shodan, a search engine for internet-connected devices and services, to create a new online crawler called Malware Hunter.The new service continuously scans the internet to find control panels for over ten different remote access Trojan (RAT) programs, including Gh0st RAT, DarkComet, njRAT, ZeroAccess and XtremeRAT. These are commercial malware tools sold on underground forums and are used by cybercriminals to take complete control of compromised computers.To read this article in full or to leave a comment, please click here
Android is getting security fixes for more than 100 vulnerabilities, including 29 critical flaws in the media processing server, hardware-specific drivers and other components.Android's monthly security bulletin, published Monday, was split into two "patch levels," which are represented as date strings on the "About" page of Android devices.The 2017-05-01 security patch level covers fixes for vulnerabilities that are common to all Android devices while the 2017-05-05 level covers additional fixes for hardware drivers and kernel components that are present only in some devices.To read this article in full or to leave a comment, please click here
Android is getting security fixes for more than 100 vulnerabilities, including 29 critical flaws in the media processing server, hardware-specific drivers and other components.Android's monthly security bulletin, published Monday, was split into two "patch levels," which are represented as date strings on the "About" page of Android devices.The 2017-05-01 security patch level covers fixes for vulnerabilities that are common to all Android devices while the 2017-05-05 level covers additional fixes for hardware drivers and kernel components that are present only in some devices.To read this article in full or to leave a comment, please click here
A new malware program that targets macOS users is capable of spying on encrypted browser traffic to steal sensitive information.The new program, dubbed OSX/Dok by researchers from Check Point Software Technologies, was distributed via email phishing campaigns to users in Europe.One of the rogue emails was crafted to look as if it was sent by a Swiss government agency warning recipients about apparent errors in their tax returns. The malware was attached to the email as a file called Dokument.zip.What makes OSX/Dok interesting is that it was digitally signed with a valid Apple developer certificate. These certificates are issued by Apple to members of its developer program and are needed to publish applications in the official Mac App Store.To read this article in full or to leave a comment, please click here
A new malware program that targets macOS users is capable of spying on encrypted browser traffic to steal sensitive information.The new program, dubbed OSX/Dok by researchers from Check Point Software Technologies, was distributed via email phishing campaigns to users in Europe.One of the rogue emails was crafted to look as if it was sent by a Swiss government agency warning recipients about apparent errors in their tax returns. The malware was attached to the email as a file called Dokument.zip.What makes OSX/Dok interesting is that it was digitally signed with a valid Apple developer certificate. These certificates are issued by Apple to members of its developer program and are needed to publish applications in the official Mac App Store.To read this article in full or to leave a comment, please click here
Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol implementation.SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers.Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers.Their internet scans revealed hundreds of thousands of devices whose configurations could be changed remotely through the SNMP weakness that they found and dubbed StringBleed.To read this article in full or to leave a comment, please click here
Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol implementation.SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers.Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers.Their internet scans revealed hundreds of thousands of devices whose configurations could be changed remotely through the SNMP weakness that they found and dubbed StringBleed.To read this article in full or to leave a comment, please click here
Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol implementation.SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers.Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers.Their internet scans revealed hundreds of thousands of devices whose configurations could be changed remotely through the SNMP weakness that they found and dubbed StringBleed.To read this article in full or to leave a comment, please click here
Many people are worried about putting smart internet-connected devices in their homes or offices because of flaws that could allow attackers into their private networks.Web optimization and security firm Cloudflare is trying to alleviate those fears with a new service that could allow internet-of-things manufacturers to protect devices from attacks and deploy patches much quicker.Cloudflare's content delivery network is used by millions of people and companies to increase the performance of their websites and to protect them from malicious traffic. The company's servers work as invisible proxies between websites and visitors, providing on-the-fly encryption and firewall protection.To read this article in full or to leave a comment, please click here
Many people are worried about putting smart internet-connected devices in their homes or offices because of flaws that could allow attackers into their private networks.Web optimization and security firm Cloudflare is trying to alleviate those fears with a new service that could allow internet-of-things manufacturers to protect devices from attacks and deploy patches much quicker.Cloudflare's content delivery network is used by millions of people and companies to increase the performance of their websites and to protect them from malicious traffic. The company's servers work as invisible proxies between websites and visitors, providing on-the-fly encryption and firewall protection.To read this article in full or to leave a comment, please click here
The mobile application that accompanies many Hyundai cars exposed sensitive information that could have allowed attackers to remotely locate, unlock, and start vehicles.The vulnerability was patched in the latest version of the mobile app released in March but was publicly disclosed on Tuesday. It is the latest in a string of flaws found over the past few years in the "smart" features added by vehicle manufacturers to their cars.The Hyundai issue was discovered by independent researchers William Hatzer and Arjun Kumar when analyzing the MyHyundai with Blue Link mobile app.Blue Link is a subscription-based technology that's available for many Hyundai car models released after 2012. It allows car owners to remotely locate their vehicles in case of theft, to remotely unlock them if they lose or misplace their keys, and even to remotely start or stop their engine when they're parked and locked.To read this article in full or to leave a comment, please click here
The mobile application that accompanies many Hyundai cars exposed sensitive information that could have allowed attackers to remotely locate, unlock, and start vehicles.The vulnerability was patched in the latest version of the mobile app released in March but was publicly disclosed on Tuesday. It is the latest in a string of flaws found over the past few years in the "smart" features added by vehicle manufacturers to their cars.The Hyundai issue was discovered by independent researchers William Hatzer and Arjun Kumar when analyzing the MyHyundai with Blue Link mobile app.Blue Link is a subscription-based technology that's available for many Hyundai car models released after 2012. It allows car owners to remotely locate their vehicles in case of theft, to remotely unlock them if they lose or misplace their keys, and even to remotely start or stop their engine when they're parked and locked.To read this article in full or to leave a comment, please click here
Users of Webroot's endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started flagging Windows files as malicious.The reports quickly popped up on Twitter and continued on the Webroot community forum -- 14 pages and counting. The company came up with a manual fix to address the issue, but many users still had problems recovering their affected systems.The problem is what's known in the antivirus industry as a "false positive" -- a case where a clean file is flagged as malicious and is blocked or deleted. False positive incidents can range in impact from merely annoying -- for example, when a program cannot run anymore -- to crippling, where the OS itself is affected and no longer boots.To read this article in full or to leave a comment, please click here