Internet threat news

Americans Release Technical Details of Russian Hacking

The Department of Homeland Security and the FBI have released technical details of the hacking of the Democratic Party and the Clinton campaign, which they first described in this document in October. As President Obama promised, the government has released evidence that the hacking came from Russian intelligence agencies. He has now punished Russia by expelling 35 diplomats identified as intelligence officers and placing banking and travel sanctions on certain Russians. The United States has a unique ability to punish people around the world that way, since most international commerce settles in US dollars and passes through some part of the US banking infrastructure.

Obama also promised that the technical analysis would not reveal all the details of how the attribution was made, saying that would give away secret techniques. Instead the document consists largely of indicators of compromise: malware families, exploit kits, domains, IP addresses and the techniques the Russian actors used. It also gives system administrators advice on how to secure their networks against these attacks. Practitioners should treat the indicator list as leads rather than proof: it mixes purpose-built attack infrastructure with shared hosting and Tor exit nodes, so a match in your logs needs corroboration before it is called a Russian intrusion.

Phishing Attack tied to DNS Record Update

It seems hackers also go after people who are supposed to know about the dangers of phishing: tech professionals.

Last week I updated the DNS records for my personal email domain. So I was easily tricked when a few hours later I got this email that looks very much like it came from Google support. Luckily this was a harmless ad rotator and not malware. Or it could be that this switched to an ad rotator when it queried my browser and OS and found no match for whatever attack they had planned.

British Tesco Bank Halts all Online Banking, Russian Central Bank Hacked

In what one could characterize as the worst banking hack this year, and the only one to have caused a bank to shut down its online service, Tesco Bank suspended online banking for all of its accounts after suspicious activity on 40,000 of them. Hackers stole £2.5 million from 9,000 accounts. The bank stopped all online activity, but the site is back up now. The bank has not said specifically what steps it has taken to harden its systems.

An employee who spoke to the media said the problem most likely lay with the Tesco grocery business, which operates both online and brick-and-mortar stores. The employee said the bank's staff are carefully vetted and its security is good, but the bank's systems are connected to the grocery systems, which have unpatched servers and poor security in general.

It could be that the banking regulator shut down the online bank. The regulator issued a statement scolding the bank for lax security. Now the bank faces fines that could run into the millions of pounds.

Chinese Planted Spyware on Massive number of Android Phones

The New York Times, under the alarming headline "Secret Backdoor in Some U.S. Phones Sent Data to China, Analysts Say," reported that security researchers at Kryptowire found that the Chinese firm Shanghai Adups Technology Co. Ltd had planted software on hundreds of thousands of Android devices that siphons off phone data. Adups said it did so at the request of an unnamed Chinese manufacturer.

The NYT wrote, "Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages."

This is the worrying part: “... this case is exceptional. It was not a bug. Rather, Adups intentionally designed the software to help a Chinese phone manufacturer monitor user behavior …”

This news broke on November 15. So far the US Department of Homeland Security has said it will post a bulletin, but it has not done so yet. As for Europe, it seems this spyware may have been intended only for the Chinese market and ended up on BLU phones sold in the USA through Amazon and Best Buy by mistake. There is no news so far of this spyware being on phones in Europe or anywhere else besides China and the USA.

35% of Websites Could Stop Working in January 2017 unless their Owners Update their Encryption

SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function, not an encryption algorithm. It does not encrypt traffic; it is used in the signatures on the SSL/TLS certificates that HTTPS websites present, and that signature is what a browser checks before trusting the certificate. SHA-1 has known weaknesses, so it is being phased out in favour of SHA-2 (SHA-256 in practice). Certificate authorities stopped issuing SHA-1 certificates at the start of 2016, and the Microsoft, Google and Mozilla browsers will stop accepting them in early 2017. That is all good, but the problem is that 35% of websites still use the older certificates, says research firm Venafi. Browsers do not tell you exactly how strong a site's encryption is; the colour-coded address bar reflects whether the certificate validated and whether the whole page was served over HTTPS. Green is good. Red is bad.

A lock means the certificate validated and the connection is encrypted, so data you enter is protected in transit (it says nothing about whether the site itself is trustworthy). The info icon means the page, or part of it, is not served over HTTPS. The red warning means the certificate is expired or otherwise invalid, the site has been flagged by Google's Safe Browsing service, or the connection uses what Google calls "a weak security setup," which includes a certificate signed with SHA-1.

Should you panic? Is the internet going to stop working on January 2017? Doubtful.

First of all, the security weakness of SHA-1 is probably exaggerated when you consider the practical details.
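Whatever you think of the risk, the browser deadline is fixed, so the practical question is whether your certificate chain still carries a SHA-1 signature. The thing to inspect is the signature algorithm of the leaf certificate and of every intermediate (not the root: browsers never verify a trust anchor's self-signature). The Python below is an example added here, not code from the article or from Venafi. It decodes just enough DER to read the outer signatureAlgorithm OID of an X.509 certificate and reports whether it is SHA-1 based. The `skeleton_cert` helper builds a constructed, deliberately invalid certificate-shaped blob so the block runs offline; for a real site, pass the PEM returned by `ssl.get_server_certificate((host, 443))` to `check_pem`, and repeat for each intermediate in the chain.

```python
import base64
import ssl

# Signature-algorithm OIDs from RFC 3279 / RFC 4055 / RFC 5758; anything else reports as "unknown".
SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
}


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(value):
    """Turn the contents of a DER OBJECT IDENTIFIER into dotted notation."""
    first = value[0]
    arcs = [str(a) for a in ([2, first - 80] if first >= 80 else divmod(first, 40))]
    acc = 0
    for b in value[1:]:  # base-128 digits, high bit set on every octet but the last of an arc
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(str(acc))
            acc = 0
    return ".".join(arcs)


def signature_algorithm(der):
    """Dotted OID from the outer signatureAlgorithm of a DER certificate.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    """
    tag, cert, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = _read_tlv(cert, 0)      # skip tbsCertificate
    tag, alg_id, _ = _read_tlv(cert, pos)  # AlgorithmIdentifier ::= SEQUENCE { OID, parameters }
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    return _decode_oid(oid)


def uses_sha1(der):
    """Return (algorithm name, True if the signature is SHA-1 based)."""
    name = SIG_OIDS.get(signature_algorithm(der), "unknown")
    return name, "SHA1" in name.upper()


def check_pem(pem):
    """Same check for a PEM string, e.g. from ssl.get_server_certificate((host, 443))."""
    return uses_sha1(ssl.PEM_cert_to_DER_cert(pem))


# ---- constructed test input: certificate-shaped DER, NOT a valid certificate ----

def _tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def skeleton_cert(sig_oid):
    """Outer Certificate SEQUENCE with an empty tbsCertificate and a dummy signature (constructed)."""
    tbs = _tlv(0x30, b"")
    alg = _tlv(0x30, _oid(sig_oid) + _tlv(0x05, b""))  # AlgorithmIdentifier { OID, NULL }
    sig = _tlv(0x03, b"\x00" * 9)                      # BIT STRING, zero unused bits
    return _tlv(0x30, tbs + alg + sig)


def to_pem(der):
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode("ascii") + "-----END CERTIFICATE-----\n"
```

Running `uses_sha1(skeleton_cert("1.2.840.113549.1.1.5"))` reports `("sha1WithRSAEncryption", True)`; the same call with `1.2.840.113549.1.1.11` reports SHA-256 and `False`. The parser reads only the outer structure, which is all this check needs; it does not validate the certificate.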

Windows 2016 Server New Security Features

What are some of the new security features in Windows Server 2016?

Windows Server 2016 is the soon-to-be-released version of Microsoft's server operating system, the edition designed to run business, engineering and other applications rather than desktops. Before it came Windows Server 2012 and Windows Server 2008 (each with an R2 refresh), so Microsoft releases a new major version roughly every four years.

The changes in Windows Server 2016 are incremental rather than wholesale. The basic architecture is the same.

One addition is containers, which already have a wide following on Linux servers. A container lets a user pull and start an application in seconds or minutes instead of the hours or days it takes to install it by hand. It resembles a virtual machine but is much smaller, because it packages only the application and its dependencies and shares the host's kernel instead of carrying a full operating system. Windows Server 2016 offers two kinds: Windows Server Containers, which share the host kernel, and Hyper-V Containers, which run each container inside a small dedicated virtual machine for stronger isolation between tenants.

Nano Server
In footprint, Nano Server sits between a container and a conventional server installation.

You can now install Windows as a Nano Server: a small, headless installation option with no graphical interface or local logon. A Nano Server would be used to run databases and other applications in the cloud. The idea is that a smaller system has fewer components to attack and, for example, fewer security updates to install and reboot for. It is the minimum OS needed to run applications, stripped of many Windows features, which makes it suitable for doing just one task.

Microsoft Bounty Bug Program

Some software companies invite security researchers to look for weaknesses in their software and pay them for what they find. That is called a bug bounty program. Microsoft is one company that does this. Google has a bounty program for Android. Apple is late to the game, having launched its program only this year, but it pays the highest bounty, up to $200,000 for the most serious vulnerabilities. Many smaller companies offer bug bounty programs too.

Not only does Microsoft pay a reward for finding bugs in Windows—some of them are sizeable—they feature the researcher’s name in their bulletins and invite some of them to come to the Researcher Appreciation Party in Las Vegas.

Researchers have to be at least 14 years old and cannot be from countries against which the USA has sanctions. They also agree not to publish their exploit code before the fix ships.

Microsoft discusses weaknesses and their fixes in their Microsoft Security Bulletins.

Microsoft does allow researchers to write about the bug and show their exploit code, but only once the vulnerability is fixed. It says, "Please do not discuss the vulnerability in any form prior to Microsoft notifying you that it is fixed," and adds, "This does not prevent you from discussing the vulnerability once it is fixed or showing the effects of the exploit in code."

Recent Massive DDoS Attack caused by IoT Devices

Last week we wrote about a massive DDoS attack on a DNS provider that cut off access to Netflix, Amazon and many other sites for users in large parts of the USA. Now we know that it was carried out with IoT devices: mostly consumer DVRs and IP cameras running embedded Linux, conscripted into a botnet by logging in over Telnet with factory-default credentials.

IoT (The Internet of Things) is a technology that is rolling out quickly. What this does is connect everything from smart home appliances to industrial machinery and even physical inventory to the cloud. The idea is to both monitor offices, homes, buildings, traffic, manufacturing, medical patients, and agriculture, but also control those devices.

IoT has taken off in recent years because of the plunging cost of technology and the growth of companies that have made it easier to connect many of these devices to their clouds. Companies exist to let manufacturers and other companies control hundreds or thousands of IoT devices from the cloud. Home IoT systems for the most part operate without a cloud central-control mechanism.

An IoT device is usually some kind of sensor, such as a humidity or motion sensor, plus a small computing board and controller. Hobbyist and prototype boards such as the Raspberry Pi or Intel Edison, which mostly run some version of Linux, are typical examples; production devices use similar embedded Linux builds on a single chip. The boards are not much larger than a wallet.

Twitter, Amazon, Netflix, The New York Times, Spotify, Reddit, and others Impacted by Massive DDoS

Someone, and no one is quite sure who yet, managed to take Twitter, SoundCloud, Spotify, Shopify and other sites offline this week using a DDoS (distributed denial of service) attack. The outage affected much of the USA and parts of Europe.

These sites are all customers of the same DNS provider, a company that operates a massive DNS system around the world, letting its customers fail over from one set of servers to another and providing redundancy. It also offers traffic-steering services, similar in purpose to a content distribution network (CDN), that reduce latency by directing users to the nearest of several locations.

The US government is responding to the attack by asking whether it was a criminal DDoS, as Brian Krebs and others have speculated, or a state cyberattack. Members of Congress have raised questions about that, and the White House has gotten involved.

This comes on the heels of allegations, and apparently proof as well, that the Russian government has been hacking into the computer systems at Hillary Clinton’s presidential campaign and the Democratic Party headquarters. Pundits on TV, in the news, and the Clinton campaign say Russian President Putin’s goal is to embarrass Secretary Clinton, thus favoring Donald Trump.

Pegasus Spyware Targets iOS

An activist in the Middle East noticed odd text messages arriving on his phone in August of this year. The messages carried links which, had he tapped them, would have exploited the phone and installed the Pegasus spyware, after which the phone would have taken its instructions from Pegasus's command and control servers.

The activist alerted Citizen Lab, which brought in the Lookout security firm. What they found was spyware delivered through a chain of three previously unknown iOS vulnerabilities. Lookout wrote this technical analysis giving details of how the spyware works.

State-level Hackers for Hire
NSO Group is an Israeli firm that wrote Pegasus. It exploited iOS versions up to 9.3.4; Apple patched the three vulnerabilities in iOS 9.3.5. Pegasus lets whoever operates it bypass iOS security and gain access to virtually all data on the phone, including audio, video, contacts, GPS location, passwords, the Wi-Fi router password, text messages, and messages and email from Gmail, Facebook, Skype, WhatsApp and other apps.

Why the way American Government Contracting works makes cybersecurity there not secure at all

NSA contractor Harold T. Martin III has been arrested and jailed for allegedly stealing documents, files and possibly devices from the NSA. There has been speculation that he was the source of the vast trove of NSA tools leaked on the internet recently, including some of the agency's best hacking tools, but current reports say he may simply have been collecting the material with no particular intention of selling it. He may just have been curious and a collector of such things.

That Mr Martin worked for Booz Allen Hamilton brings new scrutiny to that government contractor, because Edward Snowden worked there too.

So let’s take a look at Booz Allen Hamilton (BAH) and the government contracting business in Washington and you will get an understanding of why the NSA, FBI, and Pentagon probably do not operate as efficiently as shown in the movies.

Hacking Self Driving Cars

Recently the American government issued guidelines for driverless vehicles. This creates national standards so that car manufacturers do not have to figure out how to follow 50 different laws in 50 different states. Analysts have said these rules seek to make this market grow without imposing a heavy regulatory burden. Many of the details are left up to the manufacturers to design and implement.

Google has long been operating self-driving cars. Uber has self-driving taxis operating in Pittsburgh, Pennsylvania.  And Tesla has self-driving electric cars. All of these let the driver take control when needed. Ford announced it is building Fusion Hybrid driverless vehicles that do not even have a steering wheel. So there will be no way that passengers can take control of the vehicle.

The fear is that a hacker can take control of a car and drive it into a wall.

Cambridge University Hacks iPhone 5c that FBI Says Could Not be Hacked

Cambridge University researcher Sergei Skorobogatov demonstrated that the passcode lock on the iPhone 5c can be brute forced by NAND mirroring. He desoldered the phone's flash memory chip, cloned its contents, and wired the phone up so the chip could be restored from the copy. The count of failed passcode attempts is stored in that flash: iOS imposes escalating delays after 6 wrong guesses and, if the option is enabled, erases the phone after 10, so restoring the clone after every few guesses resets the counter. With that, every 4-digit passcode from 0000 to 9999 could be tried. He did not run the full search, which he estimated would take about 20 hours; he ran enough cycles to show that it works.

The paper he wrote explaining the process is here. And a YouTube video of him demonstrating the procedure is here.

The FBI considered this type of attack against the iPhone owned by one of the San Bernardino shooters. The FBI director said, "It did not work." The bureau then paid a security firm a reported $1.3 million for its secret technique.

Why Adobe Flash is a Security Risk and Why Media Companies Still Use it

You might have noticed that so many of the security updates pushed out to Windows include updates to Adobe Flash.

Adobe Flash is a security risk that will not go away. Steve Jobs famously fought this browser plugin because he did not want Safari to depend on a third-party product. He even wrote an essay in 2010, which you can read here, explaining why Flash would never run on iOS. (Flash did run on Mac OS, where Adobe published instructions for installing it, since otherwise a lot of media content would not play.)

Jobs and others pushed for an upgrade of the HTML standard to HTML5 to support video without Flash. That took some years to roll out. HTML5 added the <VIDEO> and <AUDIO> tags, which make the browser play video or audio with its own native decoders. But many websites still use <EMBED> and <OBJECT> tags, which launch the Adobe Flash or Adobe Shockwave plugins.
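If you run a site, the practical question is where those plugin-launching tags still live. The following Python is an example added here, not code from the article or from Adobe; it walks an HTML document with the standard library parser and separates markup that would invoke Flash (an `<embed>` or `<object>` with the Flash MIME type or a `.swf` resource, the Flash Player ActiveX `classid`, or a legacy `<param name="movie">`) from native `<video>`/`<audio>` elements. It does not look for the Director/Shockwave plugin's own MIME type, and the sample page is constructed for the example rather than taken from any real site.

```python
from html.parser import HTMLParser

FLASH_MIME = "application/x-shockwave-flash"
FLASH_ACTIVEX_CLSID = "clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"  # Adobe Flash Player ActiveX control


def _is_flash(mime, url):
    """True if the MIME type is Flash or the resource (ignoring any query string) is a .swf file."""
    mime = (mime or "").lower()
    path = (url or "").lower().split("?", 1)[0]
    return mime == FLASH_MIME or path.endswith(".swf")


class FlashAudit(HTMLParser):
    """Collects markup that loads the Flash plugin versus native HTML5 media elements."""

    def __init__(self):
        super().__init__()
        self.flash = []   # (tag, resource) pairs that would invoke Flash
        self.native = []  # (tag, src) for <video>, <audio> and their <source> children

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}  # valueless attributes become ""
        if tag in ("video", "audio", "source"):
            self.native.append((tag, a.get("src", "")))
        elif tag == "embed" and _is_flash(a.get("type"), a.get("src")):
            self.flash.append((tag, a.get("src", "")))
        elif tag == "object" and (_is_flash(a.get("type"), a.get("data"))
                                  or a.get("classid", "").lower() == FLASH_ACTIVEX_CLSID):
            self.flash.append((tag, a.get("data", "")))
        elif tag == "param" and a.get("name", "").lower() == "movie" and _is_flash(None, a.get("value")):
            self.flash.append((tag, a.get("value", "")))  # legacy <object><param name="movie" value="x.swf">


def audit(html):
    """Return {'flash': [...], 'native': [...]} for one HTML document."""
    parser = FlashAudit()
    parser.feed(html)
    parser.close()
    return {"flash": parser.flash, "native": parser.native}


# Constructed sample page (not from any real site): HTML5 clips, a legacy Flash player and a Flash ad.
SAMPLE_HTML = """
<html><body>
<video controls src="/media/clip.mp4"></video>
<audio controls><source src="/media/clip.ogg" type="audio/ogg"></audio>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="640" height="360">
  <param name="movie" value="/player/legacy.swf">
  <embed src="/player/legacy.swf" type="application/x-shockwave-flash">
</object>
<embed src="/widgets/map.svg" type="image/svg+xml">
<object data="/ads/banner.swf?v=3" type="application/x-shockwave-flash"></object>
</body></html>
"""

if __name__ == "__main__":
    result = audit(SAMPLE_HTML)
    for tag, resource in result["flash"]:
        print(f"Flash dependency: <{tag}> {resource}")
    print(f"{len(result['native'])} native media element(s), {len(result['flash'])} Flash hit(s)")
```

On the sample page the audit reports four Flash hits (the `<object>` with the ActiveX classid, its `<param name="movie">`, its fallback `<embed>`, and the `.swf` ad) and leaves the SVG `<embed>` alone, which is the distinction you want: not every `<embed>` or `<object>` is Flash, but every one that is should be on the list for replacement with `<video>`, `<audio>` or plain markup.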

