Month: July 2017

ComputerWorldIndependent

Unclear on the concept, plastic edition

Credit to Author: Sharky | Date: Mon, 10 Jul 2017 03:00:00 -0700

This IT pilot fish tries to practice good data security in his personal life as well as on the job — but that doesn’t always work out.

“My wife was going to charge some travel expenses on my credit card during her break at work,” says fish. “So as not to give up my card for the day, I wrote the number, expiration date and security code on a piece of paper.

“As I wrote the 16 digits out, I realized that she was taking this piece of paper to work, and who knows who might see it or what might happen if she were to throw it out? So instead of writing the last four digits, I wrote “xxxx,” and texted them to her instead.

“I thought I had done a decent job in protecting my credit card information — until later that morning, when she texted me saying that there was an issue with one of the charges. Would I mind calling, since she was unable? No problem, I responded. Can you send me the number to call?


FortinetSecurity

Unmasking Android Malware: A Deep Dive into a New Rootnik Variant, Part I

Credit to Author: Kai Lu | Date: Sun, 09 Jul 2017 14:00:00 +0000

Part I: How to Unpack the Malware App

This past January I performed a deep analysis of an Android rootnik malware variant and posted it to this blog. Since then, I have continued to monitor this Android malware family. In early June, FortiGuard Labs found a new variant of the Android rootnik malware that disguises itself as a legal app. It then uses open-sourced Android root exploit tools to gain root access on an Android device. To be clear, this malware was NOT found in Google Play. The developer of the malware app repackaged a legal app…

FortinetSecurity

Unmasking Android Malware: A Deep Dive into a New Rootnik Variant, Part II

Credit to Author: Kai Lu | Date: Sun, 09 Jul 2017 14:00:00 +0000

In part I of this blog, I finished the analysis of the native layer of a newly discovered Rootnik malware variant, and got the decrypted real DEX file. Here in part II, we will continue our analysis.

A look into the decrypted real DEX file

The entry of the decrypted DEX file is the class demo.outerappshell.OuterShellApp. The definition of the class OuterShellApp is shown below.

Figure 1. The class demo.outerappshell.OuterShellApp

We will first analyze the function attachBaseContext(). The following is the function aBC() in the class…

FortinetSecurity

Unmasking Android Malware: A Deep Dive into a New Rootnik Variant, Part III

Credit to Author: Kai Lu | Date: Sun, 09 Jul 2017 14:00:00 +0000

In this final blog in the Rootnik series we will finish our analysis of this new variant. Let’s start by looking into the script shell rsh.

Analysis of the script shell

Through our investigation we are able to see how the script shell works: First, it writes the content of the file .ir into /system/etc/install-recovery.sh. The file install-recovery.sh is a startup script. When the android device is booted, the script can be executed. The following is the content of the file .ir. Next, it writes some files…

IndependentKrebs

Self-Service Food Kiosk Vendor Avanti Hacked

Credit to Author: BrianKrebs | Date: Sat, 08 Jul 2017 15:09:48 +0000

Avanti Markets, a company whose self-service payment kiosks sit beside shelves of snacks and drinks in thousands of corporate breakrooms across America, has suffered a breach of its internal networks in which hackers were able to push malicious software out to those payment devices, the company has acknowledged. The breach may have jeopardized customer credit card accounts as well as biometric data, Avanti warned.

FortinetSecurity

Petya's Master Boot Record Infection

Credit to Author: Gabriel Hung and Margarette Joven | Date: Sat, 08 Jul 2017 12:00:00 +0000

Last week we started our technical analysis on Petya (also called NotPetya) and its so-called “killswitch.” In that blog post we mentioned that Petya looks for a file in the Windows folder that has the same filename (no extension) as itself (for example: C:\Windows\Petya). If it exists, it terminates by calling ExitProcess. If it doesn't exist, it creates a file with the attribute DELETE_ON_CLOSE. This seems to imply that instead of a killswitch, this file is meant to be a marker to check and see if the system has already been infected. After…

FortinetSecurity

Key Differences Between Petya and NotPetya

Credit to Author: Raul Alvarez | Date: Sat, 08 Jul 2017 12:00:00 +0000

There have already been a lot of write-ups for the NotPetya malware. This article is just a supplement for what is already out there. Our focus is to highlight some key differences between a previous strain of the Petya ransomware and the malware that scared everyone a few weeks ago, which is now sometimes being referred to as NotPetya. I posted a blog post a couple of months ago about the MBR (Master Boot Record) infected by Petya. I explained how the ransomware infected the boot process and how it executed its own kernel code. In this post,…
