Security researchers have found a new memory-scraping malware program that steals payment card data from point-of-sale (PoS) terminals and sends it back to attackers using the Domain Name System (DNS).
Dubbed Multigrain, the threat is part of a family of malware programs known as NewPosThings, with which it shares some code. However, this variant was designed to target specific environments.
That's because unlike other PoS malware programs that look for card data in the memory of many processes, Multigrain targets a single process called multi.exe that's associated with a popular back-end card authorization and PoS server. If this process is not running on the compromised machine, the infection routine exits and the malware deletes itself.

Oracle has released another monster quarterly security update containing 136 fixes for flaws in a wide range of products including Oracle Database Server, E-Business Suite, Fusion Middleware, Oracle Sun Products, Java and MySQL.
The biggest change is Oracle's adoption of the Common Vulnerability Scoring System (CVSS) version 3.0, which more accurately reflects the impact of flaws than CVSS 2.0. This Oracle Critical Patch Update (CPU) has both CVSS 3.0 and CVSS 2.0 scores for vulnerabilities, providing a chance to compare how the new rating system might affect Oracle patch prioritization inside organizations.

The OS X command line developer tools include an old version of the Git source code management system that exposes Mac users to remote code execution attacks.
The Git client allows developers to interact with source code repositories. It is not installed by default on Mac OS X, but it is included in the Command Line Tools package for Xcode, Apple's integrated development environment (IDE).
Software developers who create applications for OS X or iOS are likely to use Xcode and to have Apple's Command Line Tools package installed on their Macs. The latest version of this package includes Git version 2.6.4, released in December.

Viber, a popular instant messaging and Voice-over-IP service provider with more than 700 million users, has implemented end-to-end encryption to protect its customers' communications against snooping.
The move comes after Facebook-owned WhatsApp turned on full end-to-end encryption earlier this month, bringing secure and private instant messaging into the mainstream.
The majority of IM apps have long encrypted the communications between users' devices and their own servers. However, in such a configuration, the service providers themselves can still read communications as they pass through their servers to get routed to the intended recipients.

Almost a year after Italian surveillance software maker Hacking Team had its internal emails and files leaked online, the hacker responsible for the breach published a full account of how he infiltrated the company's network.
The document published Saturday by the hacker known online as Phineas Fisher is intended as a guide for other hacktivists, but also shines a light on how hard it is for any company to defend itself against a determined and skillful attacker.
The hacker linked to Spanish and English versions of his write-up from a parody Twitter account called @GammaGroupPR that he set up in 2014 to promote his breach of Gamma International, another surveillance software vendor. He used the same account to promote the Hacking Team attack in July 2015.

A group of cybercriminals have combined two powerful malware programs to create a new online banking Trojan that has already stolen millions of dollars from customers of 24 U.S. and Canadian banks.
The new threat has been dubbed GozNym by researchers from IBM X-Force because it combines the stealthy Nymaim malware and the Gozi banking Trojan.
The new computer Trojan targets 22 websites that belong to banks, credit unions and e-commerce platforms based in the U.S., and two that belong to financial institutions from Canada. Business banking services appear to be a top target for GozNym's creators, according to the IBM researchers.
Nymaim is what researchers call a dropper. Its purpose is to download and run other malware programs on infected computers. It is usually distributed through Web-based exploits launched from compromised websites.

Ransomware authors are using the bitcoin blockchain, which serves as the cryptocurrency's public transaction ledger, to deliver decryption keys to victims.
The technique, which removes the burden of maintaining a reliable website-based infrastructure for cybercriminals, was observed in a recent version of the CTB-Locker ransomware that targets Web servers.
CTB-Locker has targeted Windows computers for a long time, but a PHP-based variant capable of infecting websites first appeared in February, marking an interesting evolution of this ransomware threat.
The decryption routine in the original PHP-based CTB-Locker version involved a script called access.php that served as a gateway to the attackers' back-end server. This gateway script was hosted on multiple hacked websites and was necessary to obtain the decryption key after victims made a payment.

Alongside its batch of mandatory security patches released Tuesday, Microsoft also issued an optional update aimed at protecting Windows computers against an attack that could hijack wireless mice to execute malicious commands.
The attack, dubbed MouseJack, affects wireless mice and keyboards from many manufacturers, including Microsoft. It was discovered and presented earlier this year by security researchers from IoT security firm Bastille Networks.
MouseJack exploits several vulnerabilities in the communications protocols between the USB dongles plugged into computers and the wireless mice and keyboards that are paired with them. These flaws allow attackers to spoof a wireless mouse from up to 100 meters away and send rogue keystrokes instead of clicks to a computer.

The FBI reportedly paid professional hackers a one-time fee for a previously unknown vulnerability that allowed the agency to unlock the iPhone of the San Bernardino shooter.
The exploit allowed the FBI to build a device capable of brute-forcing the iPhone's PIN without triggering a security measure that would have wiped all of its data, the Washington Post reported Tuesday, citing unnamed sources familiar with the matter.
The hackers who provided the exploit to the FBI find software vulnerabilities and sometimes sell them to the U.S. government, the newspaper reported.

Microsoft and the Samba project fixed a vulnerability in their implementation of the SMB/CIFS protocol after the flaw was initially announced three weeks ago under the name Badlock.
The vulnerability, covered by Microsoft in its MS16-047 security bulletin published Tuesday, was also fixed in Samba 4.4.2, 4.3.8 and 4.2.11. It could allow a man-in-the-middle attacker to impersonate an authenticated user and execute arbitrary network calls to the server, possibly with administrative privileges.
Badlock's existence was announced on March 22 by a company called SerNet, which offers Samba consulting, support and development services. It employs the person who found the flaw: a Samba development team member named Stefan Metzmacher.

Understanding how to buy bitcoins and pay ransomware authors for decryption keys is hard enough, yet some cybercriminals now expect their victims to do it in under an hour if they want all of their files back.
A new ransomware program dubbed Jigsaw encrypts users' files and then begins to progressively delete them until the victim pays the equivalent of $150 in Bitcoin cryptocurrency.
The ransomware deletes one file after the first hour has passed and then increases the number of files it deletes in every 60-minute cycle. If no payment has been made within 72 hours, all remaining files will be deleted.
"Try anything funny and the computer has several safety measures to delete your files," the program's creators warn in their ransom message that's accompanied by a picture of the Jigsaw killer's mask from the horror film series Saw.