The WannaCry ransomware epidemic was especially virulent, thanks to its core: a weaponized vulnerability in Windows that the NSA had discovered and deliberately kept a secret so that they could use it to attack their adversaries.
Last month, I used up a good chunk of text talking about how much I’ve come to enjoy using Android-powered smartphones. Unfortunately, a story I ran across over at Wired has convinced me that, at least for the time being, spending significantly more time with my iPhone 6 Plus might be a good idea.
According to the report, for many Android users, it’s not necessary to download an altered .APK file from a shady torrenting website or click an email link that’ll fill your handset up with malware in order to compromise your smartphone’s security. Twenty-five different Android smartphone models, made by well-known manufacturers and available across North America, have been found to be full of security flaws and other exploitable nightmares baked into them. The most frustrating part of it all: none of the exploits detailed in the story would be there if the manufacturers had their shit together.
The potential outcomes of the vulnerabilities range in severity, from being able to lock someone out of their device to gaining surreptitious access to its microphone and other functions. They all share one common trait, though: They didn’t have to be there.
Instead, they’re a byproduct of an open Android operating system that lets third-party companies modify code to their own liking. There’s nothing inherently wrong with that; it allows for differentiation, which gives people more choice. Google will release a vanilla version of Android Pie this fall, but it’ll eventually come in all kinds of flavors.
Those modifications lead to headaches, though, including the well-established problem of delays in shipping security updates.
VPNFilter, the malware that targets home routers and is thought to be the work of the Russian state-affiliated hacker group Fancy Bear, raised alarm last month on the revelation that it had infected half a million home routers around the world.
Have you tried turning it off and on again?
The FBI sent out an urgent bulletin advising anyone with a home or small office internet router to immediately turn it off and then turn it on again as a way to help stop the spread of a malware outbreak with origins in Russia.
VPNFilter is a virulent, sophisticated, multistage worm that has successfully infected 500,000 home routers, leaving them vulnerable to both surveillance (the malware snoops network traffic for passwords) and region-wide internet shutdowns (VPNFilter can brick the routers it infects, and an attacker could shut down most or all of the home/small business internet access in a region by triggering this).
VPNFilter is a sophisticated, multi-stage malware package, part of the new breed of boot-persistent malware (software that can survive a reboot); it targets home routers and network-attached storage devices, then steals passwords and logins that traverse the network and exfiltrates them to the creators' servers.
As scary as the epidemics of malware for Internet of Things devices have been, they had one saving grace: because they only lived in RAM (where they were hard to detect!), they could be flushed just by rebooting the infected gadget.
Checkmarx researchers including Erez Yalon have created a "rogue Alexa skill" that bypasses Amazon's security checks: it lurks silently and unkillably in the background of your Alexa, listening to all speech in range of it and transcribing it, then exfiltrating the text and audio of your speech to the attacker.
When Grey Heron surfaced this month selling anti-Signal and anti-Telegram surveillance tools at a UK trade show for cyber-arms-dealers, sharp-eyed journalists at Motherboard immediately noticed that the company's spokesman was last seen fronting for Hacking Team, a disgraced Italian cyber-arms-dealer that provided surveillance weapons to some of the world's cruelest dictators.
Grey Heron is a new cyber-arms dealer offering to sell hacking tools to governments; it is fronted by Eric Rabe, who previously represented the disgraced, hacked Italian malware company Hacking Team, notorious for selling spy tools to governments that used them to target dissidents who were tortured and murdered after they were outed.
Radiflow reports that they discovered cryptojacking software -- malware that mines cryptocurrency -- running in the monitoring and control network of an unnamed European water utility, the first such discovery, and a point of serious concern about the security and integrity of critical infrastructure to both targeted and untargeted attacks.
Flexispy is a creepy, potentially illegal piece of stalkerware marketed to abusive men who want to spy on their partners; but Jim Born, an ex-DEA cop and retired Florida Department of Law Enforcement agent (now a crime novelist) says that he thinks he "used on a case or tried it to understand how it worked. Nothing nefarious."
An indictment in the US District Court for the Northern District of Ohio's Eastern Division alleges that Phillip R Durachinsky created a strain of macOS "creepware" called Fruitfly, which was able to covertly operate the cameras and microphones of infected computers as well as capturing and sharing porn searches from the infected machines; the indictment alleges that Durachinsky used the software for 13 years, targeting individuals, schools, and federal agencies including the Department of Energy.
So the browser pushback has begun. Opera just announced its latest release includes anti-mining measures:
Bitcoins are really hot right now, but did you know that they might actually be making your computer hotter? Your CPU suddenly working at 100 percent capacity, the fan is going crazy for seemingly no reason and your battery quickly depleting might all be signs that someone is using your computer to mine for cryptocurrency.
Brave, Brendan Eich's new startup browser, also implemented this type of blocking earlier this year. I hope this trend continues; there are lots of plugins that block cryptocurrency mining, but it'll only become mainstream if it's built as a default into mainstream browsers.