Ryuk ransomware shows Russian criminal group is going big or going home

A criminal hacking group suspected of operating out of Russia has shifted tactics in recent months from wire fraud to targeting big organizations for ransomware payouts, according to new research. The change in tactics is exemplified by the infamous Ryuk ransomware, which cybersecurity company CrowdStrike said Thursday is being used by a subset of the Russian group to rake in $3.7 million since August. The trend in extorting bigger organizations “has been increasing in the last year and poses a significant challenge to enterprises and businesses,” Adam Meyers, vice president of intelligence at CrowdStrike, told CyberScoop. “We have observed numerous adversaries adopting this tactic and charging substantial fees to unlock data across the entire network.” Ryuk has surfaced in a number of cyber incidents in recent months. A North Carolina water utility said it was hit by the ransomware in October. Last month, Ryuk was reportedly used in an attack […]

The post Ryuk ransomware shows Russian criminal group is going big or going home appeared first on CyberScoop.


Cutely named apps siphon user data from phones

The mobile applications have innocuous-sounding names like Flappy Birr Dog and Flappy Bird, but something sinister lurks inside. Spyware masquerading as those Android apps and others was downloaded over 100,000 times from the Google Play store last year, cybersecurity company Trend Micro said Thursday. Google has removed all of the apps from the store, but the episode is a reminder of the ease with which crooks can hide their malware in popular app markets. The spyware is capable of siphoning call logs, SMS conversations, and clipboard items from a user’s phone, according to Trend Micro. Users in scores of countries around the world were affected, researchers said, with a third of infections taking place in India. The so-called MobSTSPY spyware uses a cloud-messaging service to register the infected device and send the stolen information to a command-and-control server. The malware then lies in wait for the attacker to send it commands from […]

The post Cutely named apps siphon user data from phones appeared first on CyberScoop.


Russian APT activity is resurgent, researchers say

Cybersecurity researchers have detected new spearphishing and malicious-email campaigns associated with two Russian-government-linked hacking groups known for breaching the Democratic National Committee in 2016. One campaign spotted by Palo Alto Networks featured a wave of malicious documents targeting government organizations in Europe, North America, and an unnamed former Soviet state. The documents, which researchers intercepted in late October and early November, included a variant of the Zebrocy Trojan that sends screenshots of a victim’s network back to a command-and-control server. Unit 42, Palo Alto Networks’ intelligence team, tied the malicious-email campaign to the Sofacy Group, a Russian hacking outfit also known as APT28 and Fancy Bear, which has deployed Zebrocy. Meanwhile, FireEye researchers on Monday published details on a spearphishing offensive that had technical similarities with a 2016 campaign from the APT29 Russian hacking group. Western governments have attributed APT28 and APT29 to different parts of Russia’s intelligence services. The campaign tracked by FireEye sent malicious […]

The post Russian APT activity is resurgent, researchers say appeared first on Cyberscoop.


USB threat to industrial facilities comes into sharp focus with new Honeywell data

With their ability to carry malware into sensitive environments, USB drives have long been a red flag for industrial facilities. A new study puts hard data behind those concerns and shows how the drives can propagate advanced threats like Stuxnet and Trisis. Of the 50 industrial sites on four continents where Honeywell International analyzed USB usage, 44 percent of sites detected and blocked at least one malicious file. These weren’t just run-of-the-mill files: 15 percent of the threats detected and blocked were infamous malware packages like Stuxnet and Trisis (2 percent each), Mirai (6 percent) and WannaCry (1 percent). About a quarter of the threats blocked could cause “a major disruption to an industrial control environment,” according to Honeywell, an industrial automation giant. The overall volume of USB-based malware found by Honeywell researchers was relatively small, but the types of threats detected were more serious than researchers had anticipated. “It’s […]

The post USB threat to industrial facilities comes into sharp focus with new Honeywell data appeared first on Cyberscoop.


Here’s how to defend your enterprise from Magecart

Magecart, a tool used by a broad set of hackers to steal online payment data, has been rampant in recent months. The group has allegedly breached popular websites like those of British Airways and Ticketmaster UK by injecting malicious scripts directly or through third parties to siphon off customer data en masse. With the body of forensic evidence tied to Magecart growing, researchers with analytics company Securonix have released recommendations for defending against the groups. The goal is to keep online vendors from being Magecart’s next high-profile scalp. The threat data can “increase the chances of early detection of this, and potentially other future variants of the Magecart malicious threat actor activity on your network,” Securonix’s Oleg Kolesnikov and Harshvardhan Parashar wrote in a research paper. There are at least three data channels that organizations need to monitor to boost their chances of detecting Magecart, according to Kolesnikov and Parashar: web server […]

The post Here’s how to defend your enterprise from Magecart appeared first on Cyberscoop.


Cobalt Group tries to slip malicious PDFs past bank employees, researchers say

A financially motivated hacking group is trying to evade detection while it targets bank employees across the globe, according to research from cybersecurity company Palo Alto Networks. The Cobalt Group (also known as the Cobalt Gang) this month sent PDF files to bank employees to try to get them to download malicious macros, said researchers from Palo Alto Networks’ Unit 42 threat intelligence team. It is just the latest in a series of activities from a group known for its brazen multimillion-dollar heists on ATMs and the SWIFT banking-transaction system. The recent attack tracked by Unit 42 is simple: the PDF document contains no code or exploit. Instead, the attackers use social engineering to try to get the bank employees to download the macros. A link embedded in the PDF redirects the target to a malicious document. “Hiding in plain sight is a well-known tactic and that’s what we see these attackers […]

The post Cobalt Group tries to slip malicious PDFs past bank employees, researchers say appeared first on Cyberscoop.


Rothman’s Data Security Reset, What To Target And Protect

Via the inimitable Mike Rothman comes this tour de force research effort targeting, of all things, data security, in which the Securosis organization takes on what to protect and pr…

FDA warns users of cyber vulnerabilities in pacemaker programmers

The Food and Drug Administration has issued a cybersecurity advisory for two pieces of hardware that link to cardiac devices like pacemakers and defibrillators, citing a vulnerability that could allow unauthorized access to the programmers. The FDA said it confirmed that when the two models of programmers, which are made by Minneapolis-based Medtronic, have an internet connection, unauthorized users could exploit the vendor’s network to change the programmers’ functionality. “While we are not aware of patients who may have been harmed by this particular cyber vulnerability, the risk to patient harm of leaving such a vulnerability unaddressed is too great,” Suzanne Schwartz, a top cybersecurity official at the FDA, said Thursday in a statement. In response to the security and safety concerns, Medtronic said it disabled the internet-connected software updates for the programmers and that, as of Thursday, a company representative would manually and securely update all of the affected programmers. The […]

The post FDA warns users of cyber vulnerabilities in pacemaker programmers appeared first on Cyberscoop.
