Internet threat news
Researchers from Dell SecureWorks recently discovered a sophisticated malware variant which allows hackers to authenticate themselves as any user on a Windows Active Directory server using any password once the network has been infiltrated using stolen login credentials. Based on the malware analysis offered by Dell, it appears that Skeleton Key – as named by the Dell researchers responsible for discovering the malware – was carefully designed to do a specific job. This malware is deployed using an in-memory process ‘patch’ that uses the compromised admin account used to access the system in the first place.
Adobe Flash has been a favorite target for hackers for years because there are many ways to exploit the platform to install malicious code on the PC, including banking Trojans, keyloggers and other dangerous malware. Using various drive-by download techniques, hackers are able to bypass security measures within Adobe Flash, and patching these vulnerabilities has become a drawn-out game of cat and mouse. Adobe patches while hackers find new vulnerabilities, and the cycle continues. This is exactly what happened after Adobe released a patch last week.
A cybersecurity firm (Cyphort) recently reported that the AOL Ad Network was responsible for spreading malware in the form of malicious advertisements found along the sidebars of popular websites including the Huffington Post, Game Zone, Weather Bug and others. The AOL Ad Network, which supports ad platforms in both the United States and Germany, reports serving nearly 200 million user impressions every month. In fact, 90% of U.S. Internet users are exposed to the AOL Ad Network every day.
Asustek Computer produces a wide range of technology products ranging from PCs and associated peripherals to routers used by consumers and businesses around the world. A vulnerability was recently discovered in Asuswrt, the firmware used on many Asus branded routers. Once exploited, this vulnerability gives the hacker complete control of the router and ultimately, the entire network. The flaw is actually located within a service called infosvr. Infosvr runs on Asuswrt-powered routers by default and is leveraged by the Asus Wireless Router Device Discovery Utility.
Security analysts from Trend Micro Lab discovered a banking Trojan last month that was specifically targeting South Korean banks. While this may not appear to be especially newsworthy at first glance, a recent discovery about this class of banking Trojans is of much greater concern. Rather than communicate with C&C servers using conventional encryption protocols to avoid detection, TPSY_Banker.YYSI (as it has been dubbed by Trend Micro) uses Pinterest to communicate with C&C servers.
Security researchers recently discovered yet another threat to websites running a popular content management system (CMS), WordPress. This threat, which has been dubbed SoakSoak, is the latest malware threat specifically designed to target websites operating the CMS and has already resulted in over 11,000 domains being blacklisted by Google. WordPress has become extremely popular and can be found on the backend of nearly 60 million websites worldwide (meaning approximately 1 in every 6 websites runs the CMS), so it’s no wonder hackers have started targeting the infrastructure more regularly in the last few months.
Security researchers with Russian-based Kaspersky Labs recently discovered a new banking Trojan that appears to be yet another evolution of the notorious Zeus botnet. According to a report released by Kaspersky last week, the malware is currently targeting over 150 banks and 20 payment processors in 16 different countries – including the United States. Known as Chthonic and officially detected as Trojan-Banker.Win32.Chthonic, this new Zeus variant represents the latest cog in a constantly evolving malware campaign that focuses on major financial institutions around the world.
It seems that even the notorious terrorist organization known as ISIS has resorted to using malware in its fight against groups it perceives to be hostile. Referred to by security experts as ‘Digital AK-47’, this malware strain has a simple purpose and has only been sent to select targets that publicly speak out against the reign of terror ISIS has been responsible for in many parts of the Middle East. Digital AK-47 was recently intercepted and analyzed by Citizen Lab (a University of Toronto Internet watchdog). So far, the malware has only been sent out to a small number of email addresses specifically targeting members of the group known as Raqqah is being Slaughtered Silently (RSS).
As hackers continue to look for new ways to mimic the success of previous banking Trojans such as Zeus and the Gameover botnet, there hasn’t been a shortage of potential threats this year (many of them have been covered on this blog). Perhaps to end this year with a bang, hackers recently introduced a new – and extremely dangerous – banking Trojan that uses some interesting techniques and continues to evolve into an increasingly dangerous malware threat even as you read this. This threat, known as Vawtrak, was discovered by security research company SophosLabs last month.
A security flaw was recently uncovered that could affect 12 million businesses or more in the coming months. The critical software bug, which has been named the ‘Misfortune Cookie’, affects routers, modems and other gateway devices as well as other devices connected to the same network. Devices that could be affected indirectly by Misfortune Cookie include PCs, smartphones, tablets, printers and an assortment of smart devices such as TVs, refrigerators and thermostats. The security flaw resides not in the device itself, but rather in a web server (RomPager by AllegroSoft) typically embedded in the affected devices’ firmware.
As the holiday shopping season continues to build in these final weeks of 2014, hackers and cyber criminals around the world are up to many of the same tricks they use every year around this time in the hopes of tricking unsuspecting victims into downloading malicious and potentially dangerous malware. One of the most prevalent scams this year is being referred to as “malicious order confirmation emails.” As the name implies, spam email campaigns designed to mimic correspondence from popular retailers are the primary means of disseminating an array of known malware variants including the notorious Asprox Trojan – a dangerous piece of malware that can harvest email credentials and other passwords from infected machines.
This blog has covered many different varieties of ransomware in the past including Cryptolocker, Reveton and CryptoWall (just to name a few). As ransomware continues to be a popular attack vector for cyber criminals, we have seen many variations of similar source code. This phenomenon is not exclusive to ransomware - in fact, most modern malware threats share source code, and hackers simply add small variations to make them undetectable by modern antivirus solutions and increasingly savvy PC users. That said, security researchers from SophosLabs recently uncovered a new form of ransomware that is actually new.
Security experts recently discovered a new type of point-of-sale malware similar in design to the devastatingly powerful BlackPOS malware which affected Target and many other US retailers during the holiday shopping season of 2013. As you may recall from the coverage of the Target breach on this blog last year, the personal details of over 40 million customers were compromised when hackers were able to infect the point-of-sale system with BlackPOS. Compromised information included email addresses, credit card numbers and billing information, which was then sold through a variety of “carding” websites around the world.
Destover, also known as Wipall, has been identified as the malware used in the attack against Sony Pictures Entertainment late last month. This attack was responsible for wiping the hard drives of numerous PCs within the company’s network before rebooting each infected system and displaying a copy of a bitmap image announcing to employees that the network had been hacked by a group calling itself the Guardians of Peace (GOP). Shortly after the Sony attack made headlines, the FBI issued a warning stating that a destructive – but unidentified – malware attack had been launched against a prominent US business (which was also not named within the warning). Following the breach, an email was sent to the Information Security Media Group by an individual claiming to be the leader of GOP.