Mac users are getting hit with Shlayer, a malware that installs an “Any Search” bar on their computer, reports Lifehacker. Read the rest
If you are a Mac user, here's how to avoid the most common kind of malware
Virgin's subsidized smartphones come with unremovable Chinese malware
The Unimax U686CL is a cheap Android phone distributed in the USA by Virgin subsidiary Assurance Wireless as part of its federally subsidized Lifeline program, which is available to low-income Americans. Read the rest
Malicious websites that hacked into iPhones over 2-year period targeted Uyghur Muslims in China: Report
A number of malicious websites that were recently reported to have been secretly hacking into iPhones over a two-year period were in fact targeting Uyghur Muslims, Zack Whittaker of TechCrunch reports today. Read the rest
Compromised speakers can be forced to play tones so loud that the speakers start to melt
Security research Matt Wixey from PWC UK tried putting different kinds of consumer speakers -- noise canceling headphones, smart speakers, parametric speakers -- in an anechoic chamber after infecting them with malware that caused them to emit tones beyond those intended by the manufacturer. Read the rest
AT&T employees took over $1 million in bribes to plant malware and unlock millions of smartphones: DOJ
”AT&T employees took bribes to unlock millions of smartphones.”
An 14-year-old's Internet-of-Things worm is bricking shitty devices by the thousands
A hacker calling themself Light Leafon who claims to be a 14-year-old is responsible for a new IoT worm called Silex that targets any Unix-like system by attempting a login with default credentials; upon gaining access, the malware enumerates all mounted disks and writes to them from /dev/random until they are filled, then it deletes the devices' firewall rules and removes its network config and triggers a restart -- this effectively bricks the device, rendering it useless until someone performs the complex dance needed to download and reinstall the device's firmware. Read the rest
Thangrycat: a deadly Cisco vulnerability named after an emoji 😾😾😾
Thangrycat is a newly disclosed vulnerability in Cisco routers that allows attackers to subvert the router's trusted computing module, which allows malicious software to run undetectably and makes it virtually impossible to eliminate malware once it has been installed. Read the rest
Florida man convinces Western Union clerk to insert a thumb drive, steals $32K, does it again, gets caught
Vasile Savu is accused of walking into a Western Union in Hollywood, Florida and asking the clerk to print out his flight itinerary, a pretense he used to get the clerk to insert a thumb-drive loaded with malicious software into his computers, which allegedly allowed Savu to steal $32k from the business. Read the rest
Android malware uses accelerometer readings to figure out if it was running on a real phone or in emulation
Malware authors have a problem: they want their software to run aggressively when no one is looking at it, but to shut down entirely if the device it's running on is actually in some malware researcher's lab. Read the rest
Ships are just giant floating computers, filled with ransomware, BadUSB, and worms
A coalition of shipping industry associations has published The Guidelines on Cyber Security Onboard Ships, laying out best practices for the giant ships that ply the seas, and revealing that these behemoths are routinely infected with worms, ransomware, and malware spread by infected USB devices. Read the rest
Malware authors have figured out how to get Google to do "irreversible takedowns" of the sites they compete with
When a rightsholder complains to Google about a website infringing its copyright, Google will generally delist the site, but allow the site's owner to contest the removal through a process defined in Section 512 of the DMCA. Read the rest
Malware vector: become an admin on dormant, widely-used open source projects
Many open source projects attain a level of "maturity" where no one really needs any new features and there aren't a lot of new bugs being found, and the contributors to these projects dwindle, often to a single maintainer who is generally grateful for developers who take an interest in these older projects and offer to share the choresome, intermittent work of keeping the projects alive. Read the rest
Alex Jones blames "leftist stay-behind networks in US intelligence agencies" for malware on his site
Alex Jones, starved of attention since he was no-platformed by Big Tech, has launched a desperate bid for notoriety, releasing an unhinged (even by Jones's standards) statement blaming the credit-card skimming malware his online store was serving on "a zero-day hack probably carried out by leftist stay behind networks hiding inside US intelligence agencies" (he also blamed it on "big tech, the communist Chinese, and the Democratic party" "globalist forces, "the corporate press, Antifa and rogue intelligence operatives"). Read the rest
Wannacry ransomware cost the British National Health Service £92m ($121m)
The Wannacry ransomware epidemic was especially virulent, thanks to its core: a weaponized vulnerability in Windows that the NSA had discovered and deliberately kept a secret so that they could use it to attack their adversaries. Read the rest
Tweaks made to Android OS are causing massive security holes
Last month, I used up a good chunk of text talking about how much I’ve come to enjoy using Android-powered smartphones. Unfortunately, a story I ran across over at Wired has convinced me that, at least for the time being, spending significantly more time with my iPhone 6 Plus might be a good idea.
According to the report, for many Android users, it’s not necessary to download an altered .APK file from a shady torrenting website or click an email link that’ll fill your handset up with malware in order to compromise your smartphone’s security. Twenty-five different Android smartphone models, made by well-known manufacturers and available across North America, have been found to be full of security flaws and other exploitable nightmares baked into them. The most frustrating part of it all: none of the exploits detailed in the story would be there if the manufacturers had their shit together
From Wired:
Read the restThe potential outcomes of the vulnerabilities range in severity, from being able to lock someone out of their device to gaining surreptitious access to its microphone and other functions. They all share one common trait, though: They didn’t have to be there.
Instead, they’re a byproduct of an open Android operating system that lets third-party companies modify code to their own liking. There’s nothing inherently wrong with that; it allows for differentiation, which gives people more choice. Google will release a vanilla version of Android Pie this fall, but it’ll eventually come in all kinds of flavors.
Those modifications lead to headaches, though, including the well-established problem of delays in shipping security updates.
New Vpnfilter analysis: modules attack router owners and target industrial control systems; reinfection still possible, more routers vulnerable
Vpnfilter is the malicious software that targets home routers, thought to be the work of Russian state-affiliated hacker group Fancy Bear, that raised alarm last month on the revelation that it had infected half a million home routers around the world. Read the rest
FBI says to reboot your router ASAP to avoid Russia malware VPNFilter
Have you tried turning it off and on again?
The FBI sent out an urgent bulletin advising anyone with a home or small office internet router to immediately turn it off and then turn it on again as a way to help stop the spread of a malware outbreak with origins in Russia. Read the rest
