Arctic Wolf announces $16 million funding round

Arctic Wolf Networks announced a $16 million funding round Wednesday, boosting its SOC-as-a-service product. Led by Sonae Investment Management, the investment into the Sunnyvale, California company bolsters the coffers for a firm that is looking to scale up at a time when managed security services are gaining popularity. Lightspeed Venture Partners, Redpoint Ventures and Knollwood Investment Advisory also participated in the funding. Arctic Wolf sells a cloud security operations center (SOC) so that clients can subscribe into a ready-made SOC-as-a-service, instead of building out their own expensive and complex threat detection center. Arctic Wolf’s “Concierge Security Engineers” are meant to be an extension of any company’s normal IT team. The company’s founder and CEO is Brian NeSmith, who was formerly the CEO of Blue Coat Systems. Blue Coat, which sells Deep Packet Inspection technology among other products, was named an “enemy of the internet” in 2013 by Reporters Without Borders for selling potent surveillance […]

The post Arctic Wolf announces $16 million funding round appeared first on Cyberscoop.

Hackers hiding malware, porn ads inside kids apps on Google Play Store

Won’t somebody besides the scammers please think of the children? New malware on the Google Play Store downloaded over 3 million times hid inside nearly 70 different children’s game apps. The malware, known as AdultSwine, created an array of problems for victims including scaring them into installing fake security apps, spending money on premium SMS messages and displaying ads over other apps that included pornographic content. Infected apps include Five Nights Survival Craft (with over 1 million downloads), Mcqueen Car Racing Game (over 500,000 downloads) and Addon Pixelmon for MCPE (over 500,000 downloads). The ads come from popular advertisement networks like Google, Facebook and InMobi, as well as the malware’s own ad library, which includes the pornographic advertisements. Researchers from Israeli cybersecurity firm Check Point Technologies say AdultSwine could also easily be used for more nefarious things like credential theft. Despite significant efforts from Google, the Google Play Store is regularly hit by malware outbreak […]

The post Hackers hiding malware, porn ads inside kids apps on Google Play Store appeared first on Cyberscoop.

Feds charge ‘Fruitfly’ creator with hacking thousands of computers

An Ohio man faces a 16-count indictment for allegedly creating a piece of malware that spied on victims in order to commit a litany of crimes, including the production of child pornography, according to federal prosecutors. The government claims Phillip R. Durachinsky, 28, ran a 13-year scheme from 2003 to Jan. 20, 2017 that infected thousands of computers with malware dubbed “Fruitfly.” Victims include unknowing individuals, police departments, schools, companies and the federal government. Fruitfly, which targeted Mac computers, allowed Durachinsky to take complete control of a computer, including secretly turning on cameras and microphones to record video and audio. Durachinsky also allegedly used Fruitfly to steal victims’ personal data, including logon credentials, tax records, medical records, photographs, banking records, Internet searches, and potentially embarrassing communications, according to federal prosecutors. “This defendant is alleged to have spent more than a decade spying on people across the country and accessing their personal information,” First […]

The post Feds charge ‘Fruitfly’ creator with hacking thousands of computers appeared first on Cyberscoop.

Flaw in WhatsApp and Signal exposes group chats to ‘extremely difficult’ hacks

A flaw in popular encrypted chat programs WhatsApp, Threema and Signal theoretically allows almost anyone to control important servers, bypass encryption and add themselves to group chats. New research from a team of German cryptographers presented Wednesday at the Real World Crypto conference in Zurich, Switzerland zeroed in on group messaging to show that security for a one-on-one conversation is far ahead of group chats. The vulnerabilities found in Threema and Signal are relatively harmless compared to the problems researchers found with WhatsApp, because of the relative ease with which new people can be inserted into private groups without any permission. “The confidentiality of the group is broken as soon as the uninvited member can obtain all the new messages and read them,” Paul Rösler, one of the Ruhr University researchers behind the new finds, told Wired. “If I hear there’s end-to-end encryption for both groups and two-party communications, that means adding of […]

The post Flaw in WhatsApp and Signal exposes group chats to ‘extremely difficult’ hacks appeared first on Cyberscoop.

‘Anglo-Saxon Illuminati’ responsible for Olympic doping controversy, according to Fancy Bear

A hacking group with suspected Russian links published allegedly leaked emails from the International Olympic Committee (IOC) and the World Anti-Doping Agency (WADA) on Wednesday, less than a month before the 2018 Winter Olympics begin in Pyeongchang, South Korea. The group, known as “Fancy Bear,” posted conspiracy theory-laced, Illuminati-themed, heavily doctored pictures of Olympic officials Wednesday with text teasing a new release. A few hours later, the group posted a link to a website and leaked email archives with the title “#WADA vs. #IOC: Fight for Clean Sport or Fight for Power?” A lengthy blog post accused “Anglo-Saxon” nations including the United States of fighting for “power and cash in the sports world” but doing so “on the pretext of defending clean sport.” The group, also known as APT28, is best known as being credited with breaching the Democratic National Committee and Hillary for America campaign in 2016, as well as propaganda tied to other Olympic athletes […]

The post ‘Anglo-Saxon Illuminati’ responsible for Olympic doping controversy, according to Fancy Bear appeared first on Cyberscoop.

Intel CEO Krzanich addresses Meltdown and Spectre at CES

Intel CEO Brian Krzanich addressed the Meltdown and Spectre bugs during his keynote speech at CES in Las Vegas, saying that forthcoming updates will fix all processors that have been introduced in the past five years. Krzanich thanked cybersecurity professionals for their work in uncovering and fixing the bugs, touting “the collaboration among so many companies to address this industry-wide issue across several different processor architectures.” Meltdown and Spectre are two exploits that leverage critical vulnerabilities in a wide range of processor chips. Intel is the company most directly impacted. The vulnerabilities allow attackers to steal data being processed on the computer, including passwords and other sensitive data. Since the bug became public, users have complained that patches have slowed computer performance anywhere from five to 30 percent. “We believe the performance impact of these updates is highly workload dependent,” he said. “Some workloads may experience a larger impact that […]

The post Intel CEO Krzanich addresses Meltdown and Spectre at CES appeared first on Cyberscoop.

VirusTotal’s new graph feature maps malware

VirusTotal, a popular malware aggregation tool and repository, added a graphing feature on Monday to aid investigations by helping chart relationships across files, URLs, domains and IP addresses. VirusTotal analyzes files and URLs to help identify malware by running a large set of antivirus tools and website scanners against targets. It was launched in 2004 by the Spanish security company Hispasec Sistemas and acquired in 2012 by Google. The tool, which has received generally positive feedback so far, has been in development since at least last year. It comes on the heels of a revamped user interface and the addition of a premium file detection monitoring service called VirusTotal Monitor.

The post VirusTotal’s new graph feature maps malware appeared first on Cyberscoop.

Western Digital removes hard-coded backdoor from personal cloud drives

Owners of Western Digital My Cloud should make sure they’ve downloaded the most recent security patches after a hard-coded backdoor was recently discovered on the product. Researcher James Bercegay discovered and disclosed last Wednesday a username and password that gives users admin privileges to a dozen Western Digital models. He urges users to upgrade firmware to version 2.30.174. The problems were reported to Western Digital last year and a patch has since removed the backdoor. The more fundamental question — why was there a backdoor in the first place? — remains unanswered by the company despite repeated inquiries from CyberScoop. “This is a classic backdoor,” Bercegay wrote in a blog post outlining the problems, which also included pre-authenticated remote root code execution essentially allowing complete takeover of the device. “The triviality of exploiting this issues makes it very dangerous, and even wormable,” the researcher wrote. “Not only that, but users locked to a LAN […]

The post Western Digital removes hard-coded backdoor from personal cloud drives appeared first on Cyberscoop.

Winter Olympics targeted by nation-state level hacking campaign

Hackers targeted the upcoming 2018 Winter Olympics in a campaign that had all the hallmarks of a nation-state hacking campaign, according to the cybersecurity firm McAfee. A slate of organizations involved with the Pyeongchang-based games received spearphishing emails beginning Dec. 22, 2017 and continuing until the end of the month. The attackers pretended to be with the South Korean National Counter-Terrorism Center. The goal was to have targets open a malicious Microsoft Word document that would establish a backdoor on targeted machines so hackers could then take additional steps to steal data or completely take over a computer. The Olympics are a major target for hackers because billions of dollars as well as global geopolitical undertones always run through the event. The South Korean organizing committee is spending 1.3 billion won ($1.2 million) on cybersecurity for the games. “Overall, this is an example of something that happens fairly regularly with major events and the Olympics generally,” Betsy […]

The post Winter Olympics targeted by nation-state level hacking campaign appeared first on Cyberscoop.

Malicious adware downloaded over 1.5 million times in Google Play store

The Google Play Store is like the world’s busiest mall. It’s packed with 2 billion active monthly users, 3.5 million apps, plenty of businesspeople and a long line of con artists too. Disclosed this week, new malicious adware dubbed LightsOut was downloaded over 1.5 million times in the Google Play Store and used to generate illegal ad revenue for its creators. Researchers at the cybersecurity firm Check Point Technologies detected the malware and Google has since removed the app. When asked who is responsible, Check Point researchers told CyberScoop that they “do not know.” Hiding in 22 flashlight and utility apps, LightsOut’s goal was to pummel users with ads at all times, even when people tried to disable them. The approach is hardly subtle, yet removing the app is difficult because LightsOut hides the app’s icon in an attempt to elude victims. LightsOut is the latest entry to a growing list of Play Store malware outbreaks impacting […]

The post Malicious adware downloaded over 1.5 million times in Google Play store appeared first on Cyberscoop.
