Israeli company's spyware used to target corruption-fighting journalists and lawyers in Mexico

The NSO Group is an Israeli firm that describes itself as a "cyber warfare" company, dealing exclusively to governments, including the famously corrupt and dysfunctional government of Mexico. The NSO Group is presently for sale, with a $1 billion pricetag. Read the rest

Linux worm turns Raspberry Pis into cryptocurrency mining bots

Linux.MulDrop.14 is a Linux worm that seeks out networked Raspberry Pi systems with default root passwords; after taking them over and ZMap and sshpass, it begins mining an unspecified cryptocurrency, creating riches for the malware's author and handing you the power-bill. Read the rest

Russian malware communicates by leaving comments in Britney Spears's Instagram account

A key weakness in malicious software is the "Command and Control" (C&C) system: a central server that the malware-infected systems contact to receive updates and instructions, and to send stolen data. Anti-malware researchers like to reverse engineer malicious code, discover the C&C server's address, and then shut it down or blacklist it from corporate routers.

Read the rest

Yesterday's report of hardier Wcry retracted, but new versions found

Yesterday's report of a Wcry ransomware version that didn't have the killswitch that halted the worm's spread was retracted by Motherboard and Kaspersky Lab -- but today, France's Benkow computing document a new Wcry strain that has a different killswitch -- one that has already been registered, stopping the new strain. Read the rest

Ransomware hackers have stolen hospitals and doctors' offices across the UK, using a leaked NSA cyberweapon

25 NHS trusts and multiple doctors' practices in England and Scotland (but so far, not Northern Ireland or Wales) report that they have had to effectively shut down due to a massive Wcry ransomware infection that has stolen whole swathes of the English healthcare system in one go. The infection appears to exploit a bug that the NSA discovered and deliberately kept secret, only to have it revealed by the Shadow Brokers. Read the rest

A year later, no action from Chinese company whose insecure PVRs threaten all internet users

It's been more than a year since RSA's Rotem Kerner published his research on the insecurities in a PVR that was "white labeled" by TVT, a Chinese company and sold under over 70 brand-names around the world. In the intervening year, tens of thousands of these devices have been hijacked into botnets used by criminals in denial of service attacks, and TVT is still MIA, having done nothing to repair them. Read the rest

Self-study materials on the fundamentals of malware analysis

Amanda Rousseau's self-learning materials for her Malware Unicorn workshop are a fantastic introduction to understanding and analyzing malware, covering the techniques used by malware authors, reverse-engineering tools, and three kinds of analysis: triage, static and dynamic. Read the rest

Stingray for criminals: spreading mobile malware with fake cellphone towers

Police who rely on vulnerabilities in crooks' devices are terminally compromised; the best way to protect crime-victims is to publicize and repair defects in systems, but every time a hole is patched, the cops lose a tool they rely on the attack their own adversaries. Read the rest

Healthcare facilities widely compromised by Medjack, malware that infects medical devices to steal your information

The healthcare industry is a well-known information security dumpster fire, from the entire hospitals hijacked by ransomware to the useless security on medical devices to the terrifying world of shitty state security for medical implants -- all made worse by the cack-handed security measures that hospital workers have to bypass to get on with saving our lives (and it's about to get worse, thanks to the Internet of Things). Read the rest

USG: an open source anti-BadUSB hardware firewall for your USB port

BadUSB is bad news: malware that targets the firmware in your USB port's embedded system, bypassing the OS, antivirus software and other countermeasures. Read the rest

What it's like to be spied on by Android stalkerware marketed to suspicious spouses

For $170, Motherboard's Joseph Cox bought SpyPhone Android Rec Pro, an Android app that you have to sideload on your target's phone (the software's manufacturer sells passcode-defeating apps that help you do this); once it's loaded, you activate it with an SMS and then you can covertly operate the phone's mic, steal its photos, and track its location. Read the rest

Bad Android security makes it easy to break into and steal millions of "smart" cars

Securelist's report on the security vulnerabilities in Android-based "connected cars" describes how custom Android apps could be used to find out where the car is, follow it around, unlock its doors, start its engine, and drive it away. Read the rest

Proof-of-concept ransomware locks up the PLCs that control power plants

In Out of Control: Ransomware for Industrial Control Systems, three Georgia Tech computer scientists describe their work to develop LogicLocker, a piece of proof-of-concept ransomware that infects the programmable logic controllers that are used to control industrial systems like those in power plants. Read the rest

Cyberarms dealer's weapons used against Mexican soda-tax activists

NSO is an Israel cyberarms dealer, which buys or researches vulnerabilities in software and then weaponizes them; claiming that these cyberweapons will only be used by democratic governments and their police forces to attacks serious criminals and terrorists -- a claim repeated by its competitors, such as Italy's Hacking Team and Gamma Group. Read the rest

Son of Stuxnet: "invisible," memory-resident malware stalks the world's banks

Duqu 2.0 is a strain of clever, nearly undetectable malware, derived from Stuxnet, that stays resident in its hosts' memory without ever writing persistent files to the system's drives. Read the rest

You can install ransomware on a Samsung Galaxy by sending it an SMS

Researchers from Context Security have identified a vulnerability in Samsung Galaxy phones: by embedding commands in the obsolete, 17-year-old WAP proptocol in an SMS message, attackers can put them into endless reboot loops, or encrypt their storage and charge the phone's owners for a decryption key. Read the rest

No, Russia didn't hack Vermont's power grid

Despite what you might have read in this alarming story in the Washington Post, Russia did not hack Vermont's power authority. Read the rest

More posts