Adobe issues fix for Flash bug allowing remote code execution

Adobe has issued a patch for its Flash Player software, fixing a critical bug that would have allowed attackers to remotely execute malicious code. The company labels it as a “type confusion” vulnerability. That means that Flash Player could run a piece of code without verifying what type it is. If an unpatched version of Flash is running, an attacker could trick users into visiting a website hosting malicious code that could then run on the user’s Flash Player, as explained in a security advisory issued by Microsoft. According to SecurityWeek, the bug was originally reported by Israeli researcher Gil Dabah, who described it in a blog post on Nov. 13. It’s not clear why he disclosed publicly if a patch wasn’t ready, or why there was a week between his disclosure and the release of a patch. Adobe does not credit Dabah in its alert. Adobe Flash can be installed […]

The post Adobe issues fix for Flash bug allowing remote code execution appeared first on Cyberscoop.


ESET: Vietnamese hacking group hijacks Southeast Asian sites in watering hole campaign

A prominent Vietnam-linked hacking group is exploiting a number of Southeast Asian organizations’ websites to deliver malware that extracts detailed information about victims’ systems, researchers say. According to a report released Tuesday by Slovakian cybersecurity company ESET, the threat group APT32, also known as OceanLotus Group, has been conducting watering hole attacks using at least 21 vulnerable websites belonging to government, media and other organizations as far back as September. APT32 is believed to be based in Vietnam and possibly linked to its government. Past research has shown APT32 to be a highly capable threat group that targets a wide variety of public and private organizations with customized tools for each target. Similarly, this campaign shows APT32 using a unique domain and server for each website it’s using as a watering hole, and the group only sends additional payloads to specific victims, according to ESET. ESET said it notified 21 website […]


Report: Emotet makes phishing lures more convincing by scraping victims’ emails

Researchers from phishing protection company Cofense say that an active botnet spreading the Emotet banking trojan has significantly upgraded its ability to spoof financial organizations with convincing phishing lures. The U.S. Computer Emergency Readiness Team (US-CERT) describes Emotet as “an advanced, modular banking Trojan” that is “among the most costly and destructive malware” for both public and private organizations. In a report published Tuesday, Cofense says it has observed Geodo — another name for Emotet — using a new scraping feature that makes it better at impersonating organizations. The feature lifts templates stolen from infected victims, then uses the templates to give its phishing campaigns the credible aura of a financial institution, according to the report. Previously known capabilities of Emotet’s spamming module include the ability to steal contact lists and email signatures, Cofense says. But in this campaign, researchers say there’s the added capability to scrape up to 16 […]


Blackberry acquiring Cylance for $1.4 billion

Blackberry, the Canadian technology company that once was a giant in the mobile phone market, announced Friday that it is buying American cybersecurity company Cylance in a $1.4 billion cash deal. Although Cylance is expected to operate as a separate unit within its new parent company, Blackberry said it hopes Cylance’s artificial-intelligence-driven endpoint protection capabilities will mesh well with the security portfolio that it is trying to build. Blackberry has largely pivoted from making and selling smartphones to managing connected devices for enterprises. The acquisition — which had been the subject of rumors for at least a week — comes after Blackberry announced its new “Spark” platform in September, offering various internet-of-things (IoT) cybersecurity solutions. “The area we want to focus on growing is ‘enterprise of things’ which is the enterprise market of the IoT world,” Blackberry CEO John Chen said in a press call. Founded in 2012, Cylance is known for […]


Proofpoint: Hackers testing new reconnaissance malware on financial institutions

Hackers appear to be testing a new strain of malicious software in phishing emails sent to commercial banks and other targets, researchers from the security vendor Proofpoint said in a report published Thursday. The malware, dubbed tRat, employs modular capabilities, meaning it infiltrates a target for reconnaissance purposes and maintains the ability to download malicious payloads in the future. Proofpoint says tRat is being used by a group known as TA505, and by another unidentified threat actor that used tRat as recently as October. Researchers say they haven’t observed the remote access trojan (RAT) being used to download any other malware to victims’ systems, so the purpose of this campaign remains unclear. “[W]e can only speculate on what the eventual capabilities of the RAT may be,” Chris Dawson, threat intelligence lead at Proofpoint, told CyberScoop in an email. Proofpoint describes TA505 as a financially motivated threat group that has been involved in distributing […]


Researchers earn thousands for exposing mobile device exploits at Pwn2Own

Security researchers competing in the Pwn2Own competition in Tokyo this week earned a collective $325,000 for demonstrating new exploits on devices made by Samsung, Xiaomi, and Apple. Pwn2Own, a series of contests run by the Zero Day Initiative, brings security researchers together to compete to expose the most vulnerabilities in popular software and devices. The competition in Tokyo on Tuesday and Wednesday focused on mobile devices. Researchers showed off an array of different methods by which the devices could be compromised, according to blogs posted by the Zero Day Initiative. Among their conquests, a duo of hackers known as Fluoroacetate used near-field communication to force the Xiaomi Mi6 phone to a custom website. They then executed code on a Samsung Galaxy S9 using a baseband vulnerability, and successfully exfiltrated a deleted picture from an iPhone X. A team of researchers from MWR Labs, a division of F-Secure, used a string of different bugs to force the Xiaomi Mi6 and […]


Automox raises $9.3 million in Series A for automated patch management

Automox, a startup that provides an automated patching service, brought in $9.3 million in its Series A funding round, the company announced Tuesday. The Boulder, Colorado, company’s platform helps enterprises manage and patch the various devices and programs that run on their networks. It comes with tools that give visibility into systems and allow users to automate patching. Automox says that it serves a diverse set of customers, including Greyhound Lines, Hootsuite, NASA, Quicken, Yale University, Xerox and Dollar Shave Club. “At the heart of every corporate cyber practice are two basic questions: are all of my systems and software patched and up to date, and are those systems configured and maintained correctly?” said Automox CEO Jay Prassl, in a press release. “Imagine eliminating all those issues for corporations and organizations of every size. That is exactly what we are doing at Automox through our automated cloud platform.” TechOperators led the funding round, with […]


Cylance: Spy campaign targeting Pakistani officials installs malware, then surrenders

A previously unobserved threat actor with the characteristics of a nation-state is using advanced techniques to target Pakistani officials with spyware, according to a report published by cybersecurity company Cylance on Monday. The researchers describe “Operation Shaheen” as a sophisticated espionage campaign targeting people connected to the Pakistani military or government agencies. Through a combination of old and new methods, the perpetrators, which Cylance labels “White Company,” try to deploy spyware onto their victims’ systems while avoiding detection. At a certain point, however, the malware purposefully exposes itself for unclear reasons. Cylance said that White Company’s sophisticated methods of compromise, its evasion techniques and its targets suggest that it’s a previously unseen threat actor and is likely state-sponsored. Attribution-wise, Cylance’s assessment doesn’t get much more specific than that, as the researchers “found no mistakes that might reveal the true identity of The White Company.” The report breaks down the espionage campaign […]


Flaw in WordPress plugin allowed unauthorized admin access, backdoors

A now-patched flaw in a popular plugin was allowing hackers to take over various WordPress sites and act as administrators, putting them in a position to cause further damage, according to Wordfence, a company that makes security software for the publishing platform. The plugin, WP GDPR Compliance, is meant to help WordPress site owners comply with Europe’s General Data Protection Regulation by automating tasks like data access requests and data deletion requests. GDPR requires that companies give their users the option to view or delete data that pertains to them. A bug in the privacy-focused plugin was exploited in the wild, Wordfence said in a report published Thursday, allowing “unauthenticated attackers to achieve privilege escalation.” The vulnerability allowed attackers to force affected WordPress sites to perform arbitrary actions, including installing new administrator accounts. Wordfence researchers said they also observed attackers installing backdoors, but it’s not clear what they’re intended to be used […]


DHS head: ‘Relentless resilience’ will drive collaboration on cybersecurity

As the Department of Homeland Security continues to change the way it handles the various cyberthreats the U.S. faces, the agency’s head said it’s focusing on making essential functions provided by critical infrastructure sectors more resilient. “Today’s cyberattacks can manifest in physical consequences and attackers are deploying cyber weapons to disrupt and destruct, requiring much more sophisticated defenses,” DHS Secretary Kirstjen Nielsen said at the SINET conference in Washington on Thursday. “Infrastructure continues to be a significant target of interest for a diverse group of threat actors. Nation-states such as Russia, China, Iran, North Korea, as well as cybercriminals, terrorist groups, and others today can initiate attacks anywhere in the world, any time.” As DHS plays a lead role in warding off the cyberthreats Nielsen described, she characterized a focus on protecting specific critical infrastructure assets as an outdated norm. Instead, DHS is looking to focus on protecting essential functions that are the product of multiple […]
