Wannacry ransomware cost the British National Health Service £92m ($121m)

The Wannacry ransomware epidemic was especially virulent, thanks to its core: a weaponized vulnerability in Windows that the NSA had discovered and deliberately kept a secret so that they could use it to attack their adversaries. Read the rest

Tweaks made to Android OS are causing massive security holes

Last month, I used up a good chunk of text talking about how much I’ve come to enjoy using Android-powered smartphones. Unfortunately, a story I ran across over at Wired has convinced me that, at least for the time being, spending significantly more time with my iPhone 6 Plus might be a good idea.

According to the report, for many Android users, it’s not necessary to download an altered .APK file from a shady torrenting website or click an email link that’ll fill your handset up with malware in order to compromise your smartphone’s security. Twenty-five different Android smartphone models, made by well-known manufacturers and available across North America, have been found to be full of security flaws and other exploitable nightmares baked into them. The most frustrating part of it all: none of the exploits detailed in the story would be there if the manufacturers had their shit together

From Wired:

The potential outcomes of the vulnerabilities range in severity, from being able to lock someone out of their device to gaining surreptitious access to its microphone and other functions. They all share one common trait, though: They didn’t have to be there.

Instead, they’re a byproduct of an open Android operating system that lets third-party companies modify code to their own liking. There’s nothing inherently wrong with that; it allows for differentiation, which gives people more choice. Google will release a vanilla version of Android Pie this fall, but it’ll eventually come in all kinds of flavors.

Those modifications lead to headaches, though, including the well-established problem of delays in shipping security updates.

Read the rest

New Vpnfilter analysis: modules attack router owners and target industrial control systems; reinfection still possible, more routers vulnerable

Vpnfilter is the malicious software that targets home routers, thought to be the work of Russian state-affiliated hacker group Fancy Bear, that raised alarm last month on the revelation that it had infected half a million home routers around the world. Read the rest

FBI says to reboot your router ASAP to avoid Russia malware VPNFilter

Have you tried turning it off and on again?

The FBI sent out an urgent bulletin advising anyone with a home or small office internet router to immediately turn it off and then turn it on again as a way to help stop the spread of a malware outbreak with origins in Russia. Read the rest

FBI sinkholes a key domain used by the malware that infected 500,000 home routers, declares partial victory and Russian attribution

VPNFilter is a virulent, sophisticated, multistage worm that has successfully infected 500,000 home routers, leaving them vulnerable to both surveillance (the malware snoops network traffic for passwords) and region-wide internet shutdowns (VPNFilter can brick the routers it infects, and an attacker could shut down most or all of the home/small business internet access in a region by triggering this). Read the rest

500,000 home routers have been infected with VPNFilter, malware that steals data and bricks devices

VPNFilter is a sophisticated, multi-stage malware package, part of the new breed of boot-persistent malware (software that can survive a reboot); it targets home routers and network-attached storage devices, then steals passwords and logins that traverse the network and exfiltrates it to the creators' servers. Read the rest

A new strain of IoT malware can survive a reboot

As scary as the epidemics of malware for Internet of Things devices have been, they had one saving grace: because they only lived in RAM (where they were hard to detect!), they could be flushed just by rebooting the infected gadget. Read the rest

Security researchers can turn Alexa into a transcribing, always-on listening device

Checkmarx researchers including Erez Yalon have created a "rogue Alexa skill" that bypasses Amazon's security checks: it lurks silently and unkillably in the background of your Alexa, listening to all speech in range of it and transcribing it, then exfiltrating the text and audio of your speech to the attacker. Read the rest

Cyber-arms-dealer Grey Heron really, really doesn't want you to know about the connections between them and the disgraced Hacking Team

When Grey Heron surfaced this month selling anti-Signal and anti-Telegram surveillance tools at a UK trade show for cyber-arms-dealers, sharp-eyed journalists at Motherboard immediately noticed that the company's spokesman was last seen fronting for Hacking Team, a disgraced Italian cyber-arms-dealer that provided surveillance weapons to some of the world's cruelest dictators. Read the rest

A new government malware company, fronted by Hacking Team's old spokesjerk, says it can spy on Signal and Telegram

Grey Heron is a new cyber-arms dealer offering to sell hacking tools to governments; it is fronted by Eric Rabe, who previously represented the disgraced, hacked Italian malware company Hacking Team, notorious for selling spy tools to governments that used them to target dissidents who were tortured and murdered after they were outed. Read the rest

Cryptojacking malware discovered running on critical infrastructure control systems

Radiflow reports that they discovered cryptojacking software -- malware that mines cryptocurrency -- running in the monitoring and control network of an unnamed European water utility, the first such discovery, and a point of serious concern about the security and integrity of critical infrastructure to both targeted and untargeted attacks. Read the rest

Cryptocurrency-mining malware spotted on more than 4200 sites including UK, US, and Australian government sites

Security researcher Scott Helme has spotted a third-party exploit that injects a script that mines cryptocurrency on over 4,200 sites, from the UK NHS to the US Courts' official site to the sites of other esteemed security researchers. Read the rest

139 pieces of (seemingly nonfunctional) malware that exploit Spectre and Meltdown are now circulating in the wild

This week, AV-TEST's census of samples of circulating malware that attempt to exploit the Meltdown and Spectre bugs hit 139, up from 77 on January 17. Read the rest

Florida state cop says he can't remember why he bought mobile stalking app

Flexispy is a creepy, potentially illegal piece of stalkerware marketed to abusive men who want to spy on their partners; but Jim Born, an ex-DEA cop and retired Florida Department of Law Enforcement agent (now a crime novelist) says that he thinks he "used on a case or tried it to understand how it worked. Nothing nefarious." Read the rest

A newly discovered strain of Android malware contains never-seen surveillance features

A new research report from Kaspersky Labs details their analysis of Skygofree, a newly discovered strain of malware that offers some of the most comprehensive and invasive surveillance tools ever seen for Android.

Read the rest

Federal prosecutors say that Ohio man used MacOS malware that covertly operated cameras and mics and exfiltrated porn searches for 13 years

An indictment in the US District Court for the Northern District of Ohio's Eastern Division alleges that Phillip R Durachinsky created a strain of MacOS "creepware" called Fruitfly, which was able to covertly operate the cameras and microphones of infected computers as well as capturing and sharing porn searches from the infected machines; the indictment alleges that Durachinsky used the software for 13 years, targeting individuals, schools, and federal agencies including the Department of Energy. Read the rest

Opera browser now includes cryptojacking protection

"Cryptojacking" is the latest trend in malware; by some estimates, there are at least 2,500 sites that illicitly run Javascript in your browser to secretly mine cryptocurrency.

So the browser pushback has begun. Opera just announced its latest release includes anti-mining measures:

Bitcoins are really hot right now, but did you know that they might actually be making your computer hotter? Your CPU suddenly working at 100 percent capacity, the fan is going crazy for seemingly no reason and your battery quickly depleting might all be signs that someone is using your computer to mine for cryptocurrency.

Brave, Brendan Eich's new startup browser, also implemented this type of blocking earlier this year. I hope this trend continues; there are lots of plugins that block cryptocurrency mining, but it'll only become mainstream if it's built as a default into mainstream browsers. Read the rest

More posts