A reversal? Large-scale DDoS attacks take recent dip

Massive denial of service attacks were largely missing from the internet this summer, according to new research from Akamai. The second quarter of 2017 marks the first time in three years that the company didn’t see a denial of service attack measuring over 100 gigabits per second. That’s down from two such attacks at the beginning of 2017, Akamai’s Martin McKeay told CyberScoop. The biggest attack of the quarter saw PBot DDoS malware used to launch a 75 gigabit-per-second attack from 400 nodes against a financial organization. That’s an extraordinarily small number of nodes compared to the usual scope of these attacks, which can reach into the tens of thousands. Even so, the weaponized traffic was significant. The combination of few nodes and large traffic volume seen in the PBot attack was characteristic of trends throughout the quarter. Akamai saw a 28 percent increase in DDoS attacks, but the number of unique IP […]

The post A reversal? Large-scale DDoS attacks take recent dip appeared first on Cyberscoop.

Chinese ad platform secretly stole phone data from Android devices

A popular Chinese advertising software development kit, used in over 500 Google Play apps with millions of downloads each, spied on unsuspecting users and developers and secretly collected data including GPS location, device identifiers and call logs. While investigating suspicious traffic during a review of apps that communicate with IPs and servers that have a history of serving malware, researchers from mobile security company Lookout saw an app downloading large, encrypted files after requests to an endpoint used by the Igexin ad software development kit, behavior typical of malware that activates after an initially clean app installation. “It is becoming increasingly common for innovative malware authors to attempt to evade detection by submitting innocuous apps to trusted app stores, then at a later time, downloading malicious code from a remote server,” the researchers wrote. “Igexin is somewhat unique because the app developers themselves are not creating the malicious functionality – nor are they […]

Newly uncovered Carbon Black bug may have mistakenly sent files to VirusTotal

It’s been a week since Carbon Black got into a very public PR scuffle over what was alleged to be a flaw in its Cb Response product that revealed sensitive user data. Now the Massachusetts-based security firm has informed customers that an internal review revealed a new bug in Cb Response, wholly separate from last week’s fight, that potentially exposed sensitive data for some of the company’s customers. The new bug can result in files being miscategorized and mistakenly uploaded to VirusTotal, where they can be seen publicly. The new problem is minuscule by comparison to last week’s allegation, potentially impacting only ten customers according to a blog post published by the company after Brian Krebs broke the news. “In the presence of certain MacOS third-party applications, the Cb Response sensor (v5.2.7+ and v6.0.4+) occasionally miscategorizes some content files as binaries,” CEO Michael Viscuso explained. “If a customer configured a computer to […]

FBI pushes private sector to cut ties with Kaspersky

The FBI has been briefing private sector companies on intelligence claiming to show that the Moscow-based cybersecurity company Kaspersky Lab is an unacceptable threat to national security, current and former senior U.S. officials familiar with the matter tell CyberScoop. The briefings are one part of an escalating conflict between the U.S. government and Kaspersky amid long-running suspicions among U.S. intelligence officials that Russian spy agencies use the company as an intelligence-gathering tool of global proportions. The FBI’s goal is to have U.S. firms push Kaspersky out of their systems as soon as possible, or refrain from using its products in new products or other efforts, the current and former officials say. The FBI’s counterintelligence section has been giving briefings since the beginning of the year on a priority basis, starting with companies in the energy sector and those that use industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. In light of successive cyberattacks against the electric grid in Ukraine, […]

Bad backdoor found in server software used by financial institutions

Server software used globally by banks, energy firms and pharmaceutical manufacturers had a backdoor surreptitiously added by an advanced attacker that allowed a full takeover of target networks. Kaspersky Lab researchers published a report on Tuesday warning about the backdoor, called ShadowPad, which impacted products sold by NetSarang, a software company headquartered in the United States and South Korea. The backdoor was active from July 17 to August 4, when it was sniffed out by Kaspersky researchers who found suspicious DNS requests coming from a Hong Kong financial institution using NetSarang’s software. News of ShadowPad comes on the heels of June’s NotPetya outbreak. A backdoor in the Ukrainian tax software M.E.Doc allowed attackers to push malware to victims through the software’s update feature, showing how backdoored supply-chain attacks can lead to weaponized updates. Kaspersky pointed to other attacks similar to ShadowPad, including 2013’s Winnti malware and 2015’s PlugX Trojan. “ShadowPad is an example of how dangerous […]

One Nigerian man’s simple phishing campaign drains thousands from corporate coffers

One Nigerian man, working alone and using old malware, launched an email-based malware campaign that successfully stole thousands of dollars from manufacturing, banking and construction companies around the world. A new report from Check Point spotlights a low-sophistication campaign of business email compromise (BEC) attacks against 4,000 global companies in the last four months. Security researchers say they traced the attacks back to a single individual in his mid-20s aiming to infect target networks, steal data and commit fraud. The thousands of attempts have resulted in 14 companies being infected. Nigerian and international law enforcement were informed a month ago, Check Point threat intelligence manager Maya Horowitz told CyberScoop, but it’s not clear if any action has been taken. The attacker uses the phrase “get rich or die trying” on social media accounts, the researchers said, lending that name to the case study. The attacker uses fake emails appearing to come from Saudi Aramco, the second-largest daily oil […]

Marcus Hutchins pleads not guilty to creating Kronos banking malware

Marcus Hutchins, the security researcher known as MalwareTech, pleaded not guilty on Monday to charges of creating the Kronos banking malware. Hutchins was arrested on Aug. 2 in Las Vegas, an incident that has echoed loudly throughout the cybersecurity community. Free on $30,000 bail, Hutchins will reside in Los Angeles with GPS tracking and will continue his work online as a security researcher, except that he may not work on or access the WannaCry sinkhole used to stop the ransomware. Monday’s court date saw Hutchins allowed back on the internet for the first time since his arrest. The prominent British researcher is now being represented by the trial attorney Brian Klein and the Electronic Frontier Foundation’s Marcia Hofmann. “Marcus Hutchins is a brilliant young man and a hero,” Hofmann told the press after the hearing, referring to Hutchins’ role in stopping the spread of WannaCry ransomware in May. “He is going to vigorously defend himself against these […]

Malware campaigns hit North Korea following nuclear ICBM tests

Researchers have stitched together two sophisticated malware campaigns that are targeting North Korea, raising suspicion over counteractions tied to the country’s aggressive weapons testing. Cybersecurity researchers from Cylance released a report Tuesday asserting that Konni, a recently discovered but long active family of remote access trojans, was used in a malware campaign targeting North Korea shortly after a July 3 missile test. It marks the fifth known Konni campaign in three years and the third in 2017. This follows similar reports from the firm Talos that showed a Konni campaign launched just a day after missile tests on July 4. In addition to the malware campaign, Cylance is connecting Konni to a hacking group known as DarkHotel. Just a few days after the July ICBM test, a whitepaper by the cybersecurity firm BitDefender reported a new campaign from DarkHotel, a group that has successfully targeted businesses for a decade through security holes in Wi-Fi infrastructure at hotels around the world. The […]

Hotspot Shield accused of snooping on VPN users and selling data to advertisers

An internationally popular free VPN service, Hotspot Shield, intercepts user traffic and collects substantial data on users, which contradicts the company’s promise to offer complete anonymity, according to a 14-page complaint filed Monday by the Center for Democracy and Technology. The accusations filed with the Federal Trade Commission say Hotspot Shield has “undisclosed data sharing and traffic redirection practices” that violate its promise to users. Privacy is an issue across the entire VPN landscape: the small but profitable software projects hold immense power over millions of users, many of whom do not know important details about the products. Researchers from CDT and Carnegie Mellon say that, in contrast to the product’s public promises, Hotspot Shield’s privacy policy outlines data logging that may include user location, IP address, unique device identifiers and browsing information in order to work with advertisers. Furthermore, the company is accused of redirecting traffic to domains belonging to advertising partners. Finally, some sensitive data […]
