Brazilian ‘pirates’ sail around two-factor authentication to vex banking sector

For researchers investigating malicious network activity in a given country, scanning hacker forums is like reading tea leaves. The discussion boards can provide insight about which malware is most popular, its likely victims and some clues that can help identify the thieves cashing in. In Brazil, underground bazaars host a bevy of hackers that cybersecurity company Recorded Future has dubbed “pirates” for their willingness to change tactics at any time in order to find easy money. That traditionally could mean flooding a large number of users with text messages and counting on someone to click a link, or using spam to change the DNS settings on local routers. It’s clear now some so-called pirates are capable of more. Skilled Brazilian cybercriminals are able to circumvent two-factor authentication through SIM-swapping, by compromising the desktops used for banking, or by directly interfering with live banking sessions, according to research published Tuesday by Recorded Future. The findings illuminate a Brazilian […]

The post Brazilian ‘pirates’ sail around two-factor authentication to vex banking sector appeared first on CyberScoop.

Get those Verizon Fios routers patched, Tenable says

If hackers managed to exploit vulnerabilities in widely used Verizon Fios routers, they would have full control of a wireless home network and access to the devices connected to it, researchers said Tuesday. The new vulnerabilities, uncovered by cybersecurity company Tenable, point to underlying security issues in Verizon Fios Quantum Gateway routers, which are given to new customers unless they opt out. In tinkering with his Fios router, Chris Lyne, a Tenable researcher, showed how an attacker could change security settings on the router or capture login requests sent through the device. The research highlights the extent to which routers can be a gateway into networked homes. An attacker who is authenticated to the router’s administrative web portal could exploit one of the vulnerabilities to gain root-level access to the router, Lyne said. The exploit can be run through two possible password parameters, which load a script on the router’s web […]

The post Get those Verizon Fios routers patched, Tenable says appeared first on CyberScoop.

Nation-state hacking kit ‘Flame’ had a second life, researchers say

Flame, the nation-state-developed malware kit that targeted computers in Iran, went quiet after researchers exposed it in 2012. The attackers tried to hide their tracks by scrubbing the servers used to talk to infected computers. Some thought they had seen the last of the potent malware platform. Flame’s disappearance “never sat right with us,” said Juan Andres Guerrero-Saade and Silas Cutler, researchers with Alphabet’s Chronicle. On Tuesday at the Kaspersky Security Analyst Summit in Singapore, they showed that Flame hadn’t died; it had just been reconfigured. Tracing early components of Flame, Guerrero-Saade and Cutler found a new version of it that was likely used between 2014 and 2016. Flame 2.0 is “clearly built” from the original source code, but it has new measures aimed at eluding researchers, they wrote in a paper. The discovery shows how good source code dies hard, and that tracking its evolution can be a very long game […]

The post Nation-state hacking kit ‘Flame’ had a second life, researchers say appeared first on CyberScoop.

How to Reverse Malware on macOS Without Getting Infected | Part 2

Continue learning how to reverse malware on Apple macOS with Part 2 in our series. Learn about Apple’s Mach-O native binary format and how to decode it.
The post How to Reverse Malware on macOS Without Getting Infected | Part 2 appeared first on Securit…
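
Part 2 of the series is about decoding the Mach-O format, so here is an added example of what that decoding looks like in practice. It is not code from the series or from the post's author: a small Python walker that reads the mach_header(_64), checks endianness from the magic, refuses universal (fat) wrappers, and iterates the load commands with bounds checks, since malware samples routinely carry a hostile ncmds or cmdsize. The constants (MH_MAGIC_64, LC_SEGMENT_64, LC_UUID, LC_MAIN, LC_LOAD_DYLIB, MH_PIE, the CPU and file types) are taken from Apple's mach-o/loader.h; the input is a constructed in-memory image, not a real binary, so the script runs offline.

```python
"""Minimal Mach-O header / load-command walker (added example, not code from the
original series).  The input is a constructed image built by build_sample()."""
import json
import struct
import uuid

# Magic values as they read when unpacked little-endian from offset 0 (mach-o/loader.h).
MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE    # 64-bit, native / byte-swapped
MH_MAGIC, MH_CIGAM = 0xFEEDFACE, 0xCEFAEDFE          # 32-bit
FAT_MAGIC, FAT_CIGAM = 0xCAFEBABE, 0xBEBAFECA        # universal (fat) wrapper, big-endian on disk

CPU_TYPES = {0x01000007: "x86_64", 0x0100000C: "arm64", 0x7: "i386", 0xC: "arm"}
FILE_TYPES = {1: "MH_OBJECT", 2: "MH_EXECUTE", 6: "MH_DYLIB", 8: "MH_BUNDLE"}
LC_SEGMENT_64, LC_UUID, LC_LOAD_DYLIB, LC_MAIN = 0x19, 0x1B, 0x0C, 0x80000028
LC_NAMES = {LC_SEGMENT_64: "LC_SEGMENT_64", LC_UUID: "LC_UUID", LC_LOAD_DYLIB: "LC_LOAD_DYLIB",
            LC_MAIN: "LC_MAIN", 0x1D: "LC_CODE_SIGNATURE"}
MH_PIE = 0x200000


def parse_macho(data: bytes) -> dict:
    """Decode the mach_header(_64) and walk its load commands with bounds checks."""
    if len(data) < 28:
        raise ValueError("too short to hold a Mach-O header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic in (FAT_MAGIC, FAT_CIGAM):
        raise ValueError("universal binary: select an architecture slice first")
    layouts = {MH_MAGIC_64: ("<", True), MH_CIGAM_64: (">", True),
               MH_MAGIC: ("<", False), MH_CIGAM: (">", False)}
    if magic not in layouts:
        raise ValueError(f"not a Mach-O file (magic {magic:#x})")
    end, is64 = layouts[magic]
    # cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags follow the magic
    cputype, _sub, filetype, ncmds, sizeofcmds, flags = struct.unpack_from(end + "iiIIII", data, 4)
    hdr_size = 32 if is64 else 28            # the 64-bit header carries an extra 'reserved' field
    if hdr_size + sizeofcmds > len(data):
        raise ValueError("sizeofcmds runs past end of file")

    info = {"arch": CPU_TYPES.get(cputype, f"{cputype:#x}"), "bits": 64 if is64 else 32,
            "endian": "little" if end == "<" else "big",
            "filetype": FILE_TYPES.get(filetype, str(filetype)),
            "pie": bool(flags & MH_PIE), "ncmds": ncmds, "commands": []}

    off, text_seg, entryoff = hdr_size, None, None
    for i in range(ncmds):
        if off + 8 > len(data):
            raise ValueError(f"load command {i} header runs past end of file")
        cmd, cmdsize = struct.unpack_from(end + "II", data, off)
        # Hostile files lie about cmdsize; refuse anything too small or overrunning the command area
        if cmdsize < 8 or off + cmdsize > hdr_size + sizeofcmds:
            raise ValueError(f"load command {i} has bad cmdsize {cmdsize}")
        entry = {"cmd": LC_NAMES.get(cmd, f"{cmd:#x}"), "cmdsize": cmdsize}
        if cmd == LC_SEGMENT_64 and cmdsize >= 72:
            name = data[off + 8:off + 24].rstrip(b"\0").decode("ascii", "replace")
            vmaddr, vmsize, fileoff, filesize = struct.unpack_from(end + "QQQQ", data, off + 24)
            nsects = struct.unpack_from(end + "I", data, off + 64)[0]
            entry.update(segname=name, vmaddr=vmaddr, vmsize=vmsize,
                         fileoff=fileoff, filesize=filesize, nsects=nsects)
            if name == "__TEXT":
                text_seg = entry
        elif cmd == LC_UUID and cmdsize >= 24:
            entry["uuid"] = str(uuid.UUID(bytes=data[off + 8:off + 24]))
        elif cmd == LC_MAIN and cmdsize >= 24:
            entryoff = struct.unpack_from(end + "Q", data, off + 8)[0]
            entry["entryoff"] = entryoff
        elif cmd == LC_LOAD_DYLIB and cmdsize >= 24:
            name_off = struct.unpack_from(end + "I", data, off + 8)[0]
            raw = data[off + name_off:off + cmdsize]   # lc_str offset is relative to the command
            entry["name"] = raw.split(b"\0", 1)[0].decode("utf-8", "replace")
        info["commands"].append(entry)
        off += cmdsize

    if text_seg is not None and entryoff is not None:
        # LC_MAIN.entryoff is a file offset; map it through __TEXT to a virtual address
        info["entry_vmaddr"] = text_seg["vmaddr"] + (entryoff - text_seg["fileoff"])
    return info


def build_sample() -> bytes:
    """Constructed x86_64 MH_EXECUTE image with four load commands (sample input, not a real file)."""
    seg = struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, b"__TEXT",
                      0x100000000, 0x4000, 0, 0x4000, 5, 5, 0, 0)
    uuid_cmd = struct.pack("<II16s", LC_UUID, 24, bytes(range(16)))
    main_cmd = struct.pack("<IIQQ", LC_MAIN, 24, 0x3F00, 0)
    dylib = b"/usr/lib/libSystem.B.dylib\0"
    size = 24 + len(dylib)
    size += (-size) % 8                      # cmdsize is 8-byte aligned in 64-bit images
    dylib_cmd = struct.pack("<IIIIII", LC_LOAD_DYLIB, size, 24, 2, 0x05110000, 0x00010000)
    dylib_cmd = (dylib_cmd + dylib).ljust(size, b"\0")
    cmds = seg + uuid_cmd + main_cmd + dylib_cmd
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, 0x01000007, 3, 2, 4, len(cmds),
                         0x1 | 0x4 | 0x80 | MH_PIE, 0)   # NOUNDEFS|DYLDLINK|TWOLEVEL|PIE
    return header + cmds + b"\0" * 64


if __name__ == "__main__":
    print(json.dumps(parse_macho(build_sample()), indent=2))
```

Point the same function at `open(path, "rb").read()` for a real sample; the three ValueError paths (fat wrapper, sizeofcmds beyond the file, and a cmdsize that is too small or overruns the command area) are exactly the cases a naive parser trips over when the file was crafted to confuse analysis tools.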

How to Reverse Malware on macOS Without Getting Infected | Part 1

Ever wanted to learn how to reverse malware on Apple macOS? This is the place to start! Join us in this 3-part series on macOS reverse engineering skills.
The post How to Reverse Malware on macOS Without Getting Infected | Part 1 appeared first on Secu…

Ursnif – A Polymorphic Delivery Mechanism Explained

How can malware rapidly change itself within seconds from one download to another? Read on to discover how Ursnif delivers custom malicious payloads.
The post Ursnif – A Polymorphic Delivery Mechanism Explained appeared first on Security Boulevard.

Trickbot | Technical Analysis of a Banking Trojan Malware

Trickbot malware continues to evolve. We take a deep-dive into how Trickbot works from initial infection to final payloads. Want to see how it works?
The post Trickbot | Technical Analysis of a Banking Trojan Malware appeared first on Security Boulevard.

Elfin espionage group is focused on Saudi, U.S. organizations, Symantec says

In the last three years, a suspected Iranian cyber-espionage group has targeted organizations in Saudi Arabia and the United States in attacks spanning several sectors, researchers from cybersecurity company Symantec said Wednesday. The researchers described a hacking group that “has compromised a wide range of targets, including governments along with organizations in the research, chemical, engineering, manufacturing, consulting, finance, telecoms, and several other sectors.” Some three-quarters of the 50 organizations hit by the group that Symantec calls Elfin and that others label APT33 are based in Saudi Arabia and the U.S., the researchers said. FireEye, another cybersecurity company, previously has concluded that APT33 “works at the behest of the Iranian government,” and that it has taken a particularly close interest in the aviation sector. The tally of American targets includes “a number of Fortune 500 companies,” according to Symantec. “Elfin’s goal appears to be sabotage,” Jon DiMaggio, senior threat intelligence analyst at Symantec, told […]

The post Elfin espionage group is focused on Saudi, U.S. organizations, Symantec says appeared first on CyberScoop.

Lazarus rises in Israel with attempted hack of defense company, researchers say

A notorious hacking group experts have tied to the North Korean government has targeted an Israeli defense company, according to new research outlining what appears to be one of the group’s first attacks on an Israeli entity. The unnamed company makes products used in the military and aerospace industries, and the hackers could have been after commercial secrets or more traditional espionage, according to ClearSky, the cybersecurity firm that exposed the operation. The suspected culprit is Lazarus Group, an industry term for a broad set of hackers associated with Pyongyang. “We cannot be sure what the objective of the attackers [was],” Eyal Sela, head of threat intelligence at ClearSky, told CyberScoop in an email. “[It] could be industrial/commercial espionage but could be military espionage, for example.” North Korean dictator Kim Jong Un has set ambitious economic goals, and some cybersecurity analysts have predicted he will unleash the Pyongyang-affiliated hackers to meet those deadlines by targeting multinational companies’ trade […]

The post Lazarus rises in Israel with attempted hack of defense company, researchers say appeared first on CyberScoop.

LockerGoga Ransomware Targets Aluminum Manufacturer Norsk Hydro, American Chemicals Companies Hexion and Momentive

How does LockerGoga ransomware work? What makes it different from other malware? We tear it down and reveal the secrets behind this attack.
The post LockerGoga Ransomware Targets Aluminum Manufacturer Norsk Hydro, American Chemicals Companies He…