In a case of no honor among thieves, a group of attackers has found a way to hijack the Petya ransomware and use it in targeted attacks against companies without the program creators' knowledge.A computer Trojan dubbed PetrWrap, being used in attacks against enterprise networks, installs Petya on computers and then patches it on the fly to suit its needs, according to security researchers from antivirus vendor Kaspersky Lab.The Trojan uses programmatic methods to trick Petya to use a different encryption key than the one its original creators have embedded inside its code. This ensures that only the PetrWrap attackers can restore the affected computers to their previous state.To read this article in full or to leave a comment, please click here
After Edward Snowden revealed that online communications were being collected en masse by some of the world's most powerful intelligence agencies, security experts called for encryption of the entire web. Four years later, it looks like we've passed the tipping point.
The number of websites supporting HTTPS -- HTTP over encrypted SSL/TLS connections -- has skyrocketed over the past year. There are many benefits to turning on encryption, so if your website not yet support the technology it's time to make the move.
Recent telemetry data from Google Chrome and Mozilla Firefox shows that over 50 percent of web traffic is now encrypted, both on computers and mobile devices. Most of that traffic goes to a few large websites, but even so, it's a jump of over 10 percentage points since a year ago.To read this article in full or to leave a comment, please click here
Following the recent revelations about the U.S. Central Intelligence Agency's cyberespionage arsenal, software vendors reiterated their commitments to fix vulnerabilities in a timely manner and told users that many of the flaws described in the agency's leaked documents have been fixed.While these assurances are understandable from a public relations perspective, they don't really change anything, especially for companies and users that are the target of state-sponsored hackers. The software they use is not less safe, nor better protected, than it was before WikiLeaks published the 8,700-plus CIA documents last Tuesday.To read this article in full or to leave a comment, please click here
Following the recent revelations about the U.S. Central Intelligence Agency's cyberespionage arsenal, software vendors reiterated their commitments to fix vulnerabilities in a timely manner and told users that many of the flaws described in the agency's leaked documents have been fixed.While these assurances are understandable from a public relations perspective, they don't really change anything, especially for companies and users that are the target of state-sponsored hackers. The software they use is not less safe, nor better protected, than it was before WikiLeaks published the 8,700-plus CIA documents last Tuesday.To read this article in full or to leave a comment, please click here
Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code.The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. A rootkit is a malicious program that runs with high privileges -- typically in the kernel -- and hides the existence of other malicious components and activities.The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter.To read this article in full or to leave a comment, please click here
Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code.The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. A rootkit is a malicious program that runs with high privileges -- typically in the kernel -- and hides the existence of other malicious components and activities.The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter.To read this article in full or to leave a comment, please click here
Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.Apache Struts is an open-source web development framework for Java web applications. It's widely used to build corporate websites in sectors including education, government, financial services, retail and media.On Monday, the Apache Struts developers fixed a high-impact vulnerability in the framework's Jakarta Multipart parser. Hours later, an exploit for the flaw appeared on Chinese-language websites and this was almost immediately followed by real-world attacks, according to researchers from Cisco Systems.To read this article in full or to leave a comment, please click here
Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.Apache Struts is an open-source web development framework for Java web applications. It's widely used to build corporate websites in sectors including education, government, financial services, retail and media.On Monday, the Apache Struts developers fixed a high-impact vulnerability in the framework's Jakarta Multipart parser. Hours later, an exploit for the flaw appeared on Chinese-language websites and this was almost immediately followed by real-world attacks, according to researchers from Cisco Systems.To read this article in full or to leave a comment, please click here
Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of CIA's own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation.The Equation's cyberespionage activities were documented in February 2015 by researchers from antivirus vendor Kaspersky Lab. It is widely considered to be the most advanced cyberespionage group in the world based on the sophistication of its tools and the length of its operations, some possibly dating as far back as 1996.To read this article in full or to leave a comment, please click here
Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of CIA's own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation.
The Equation's cyberespionage activities were documented in February 2015 by researchers from antivirus vendor Kaspersky Lab. It is widely considered to be the most advanced cyberespionage group in the world based on the sophistication of its tools and the length of its operations, some possibly dating as far back as 1996.To read this article in full or to leave a comment, please click here
The U.S. Central Intelligence Agency documents published by WikiLeaks Tuesday shows that one of the agency's teams specializes in reusing bits of code and techniques from public malware samples.According to the leaked documents the Umbrage team is part of the Remote Development Branch under the CIA's Center for Cyber Intelligence. It maintains a library of techniques borrowed from in-the-wild malware that could be integrated into its own projects.To read this article in full or to leave a comment, please click here
The U.S. Central Intelligence Agency documents published by WikiLeaks Tuesday shows that one of the agency's teams specializes in reusing bits of code and techniques from public malware samples.According to the leaked documents the Umbrage team is part of the Remote Development Branch under the CIA's Center for Cyber Intelligence. It maintains a library of techniques borrowed from in-the-wild malware that could be integrated into its own projects.To read this article in full or to leave a comment, please click here
A five-month-old flaw in Android's SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.The first set of patches, known as patch level 2017-03-01, is common to all patched phones and contains fixes for 36 vulnerabilities, 11 of which are rated critical and 15 high. Android vulnerabilities rated critical are those that can be exploited to execute malicious code in the context of a privileged process or the kernel, potentially leading to a full device compromise.One of the patched vulnerabilities is located in the OpenSSL cryptographic library and also affects Google's newer BoringSSL library, which is based on OpenSSL. What's interesting is that the flaw, identified as CVE-2016-2182, was patched in OpenSSL back in September. It can be exploited by forcing the library to process an overly large certificate or certificate revocation list from an untrusted source.To read this article in full or to leave a comment, please click here
A five-month-old flaw in Android's SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.The first set of patches, known as patch level 2017-03-01, is common to all patched phones and contains fixes for 36 vulnerabilities, 11 of which are rated critical and 15 high. Android vulnerabilities rated critical are those that can be exploited to execute malicious code in the context of a privileged process or the kernel, potentially leading to a full device compromise.One of the patched vulnerabilities is located in the OpenSSL cryptographic library and also affects Google's newer BoringSSL library, which is based on OpenSSL. What's interesting is that the flaw, identified as CVE-2016-2182, was patched in OpenSSL back in September. It can be exploited by forcing the library to process an overly large certificate or certificate revocation list from an untrusted source.To read this article in full or to leave a comment, please click here
The U.S. Department of Justice is asking a federal court to dismiss its indictment in a case that involves a child porn site known as Playpen after a judge asked the government to disclose the hacking technique it used to gather evidence."The government must now choose between disclosure of classified information and dismissal of its indictment," the DOJ said in a court filing Friday. "Disclosure is not currently an option."The case involves Jay Michaud, a school administrator from Vancouver, Washington, who was arrested in July 2015 for allegedly viewing child porn images on Playpen. Michaud's case was one of at least 137 cases brought throughout the U.S. in relation to Playpen, a website that operated on the Tor anonymity network and which the FBI managed to seize in 2015.To read this article in full or to leave a comment, please click here
The U.S. Department of Justice is asking a federal court to dismiss its indictment in a case that involves a child porn site known as Playpen after a judge asked the government to disclose the hacking technique it used to gather evidence."The government must now choose between disclosure of classified information and dismissal of its indictment," the DOJ said in a court filing Friday. "Disclosure is not currently an option."The case involves Jay Michaud, a school administrator from Vancouver, Washington, who was arrested in July 2015 for allegedly viewing child porn images on Playpen. Michaud's case was one of at least 137 cases brought throughout the U.S. in relation to Playpen, a website that operated on the Tor anonymity network and which the FBI managed to seize in 2015.To read this article in full or to leave a comment, please click here
HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free."Here at HackerOne, open source runs through our veins," the company's representatives said in a blog post. "Our company, product, and approach is built on, inspired by, and driven by open source and a culture of collaborative software development. As such, we want to give something back."HackerOne is a platform that makes it easier for companies to interact with security researchers, triage their reports, and reward them. Very few companies have the necessary resources to build and maintain bug bounty programs on their own with all the logistics that such efforts involve, much less so open-source projects that are mostly funded through donations.To read this article in full or to leave a comment, please click here
HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free."Here at HackerOne, open source runs through our veins," the company's representatives said in a blog post. "Our company, product, and approach is built on, inspired by, and driven by open source and a culture of collaborative software development. As such, we want to give something back."HackerOne is a platform that makes it easier for companies to interact with security researchers, triage their reports, and reward them. Very few companies have the necessary resources to build and maintain bug bounty programs on their own with all the logistics that such efforts involve, much less so open-source projects that are mostly funded through donations.To read this article in full or to leave a comment, please click here
Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols, some of which are not always monitored.The latest example is an attack dubbed DNSMessenger, which was analyzed by researchers from Cisco Systems' Talos team. The attack starts with a malicious Microsoft Word document distributed through an email phishing campaign.When opened, the file masquerades as a "protected document" secured by McAfee, an antivirus brand now owned by Intel Security. The user is asked to click on the enable content button in order to view the document's content, but doing so will actually execute malicious scripting embedded within.To read this article in full or to leave a comment, please click here
Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols, some of which are not always monitored.The latest example is an attack dubbed DNSMessenger, which was analyzed by researchers from Cisco Systems' Talos team. The attack starts with a malicious Microsoft Word document distributed through an email phishing campaign.When opened, the file masquerades as a "protected document" secured by McAfee, an antivirus brand now owned by Intel Security. The user is asked to click on the enable content button in order to view the document's content, but doing so will actually execute malicious scripting embedded within.To read this article in full or to leave a comment, please click here
Lucian Constantin