WikiLeaks posts user guides for CIA malware implants Assassin and AfterMidnight

Credit to Author: Darlene Storm| Date: Mon, 15 May 2017 11:25:00 -0700

The latest WikiLeaks release of CIA malware documentation was overshadowed by the WannaCry ransomware attack sweeping across the world on Friday.

WikiLeaks maintains that “Assassin” and “AfterMidnight” are two CIA “remote control and subversion malware systems” which target Windows. Both were created to spy on targets, send collected data back to the CIA and perform tasks specified by the CIA. Both are persistent and can be scheduled to autonomously uninstall on a specific date and time.

The leaked documents pertaining to the CIA malware frameworks included 2014 user’s guides for AfterMidnight, AlphaGremlin – an addon to AfterMidnight – and Assassin. When reading those, you learn about Gremlins, Octopus, The Gibson and other CIA-created systems and payloads.

'Kill switch' helps slow the spread of WannaCry ransomware

Credit to Author: Michael Kan| Date: Fri, 12 May 2017 18:24:00 -0700

Friday’s unprecedented ransomware attack may have stopped spreading to new machines, at least briefly, thanks to a “kill switch” that a security researcher has activated. Before doing any damage, the malware tries to reach a hard-coded web domain and exits if the connection succeeds; registering that previously unregistered domain turned the check into a sinkhole. The switch does nothing for machines that cannot reach the domain directly, such as hosts behind a web proxy or on networks that block outbound connections, and it does not help machines that have already been encrypted, so patching is still required.

The ransomware, called Wana Decryptor or WannaCry, has been found infecting machines across the globe. It spreads by exploiting a vulnerability in the Windows SMBv1 file-sharing service that the U.S. National Security Agency may have used for spying. Microsoft fixed that flaw in March 2017 (security bulletin MS17-010), so machines with the update applied cannot be infected over the network by the worm component.

The malware encrypts data on a PC and shows users a note demanding $300 in bitcoin to have their data decrypted. Images of the ransom note have been circulating on Twitter. Security experts have detected tens of thousands of attacks, apparently spreading over LANs and the internet like a computer worm.
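The kill switch described above leaves a trace in resolver logs: a host that looks up the sinkhole domain has already run the malware, and a host whose lookup failed (or was refused) is one the switch could not stop. The following is an added example, not code from the article or from any researcher named in it, that triages a constructed DNS log in a hypothetical "timestamp client qname rcode" layout. The domain in the set is the one publicly reported as the WannaCry sinkhole; in practice the set would be filled from your own threat-intelligence feed.

```python
"""Triage DNS resolver logs for WannaCry kill-switch lookups (added example)."""
import re
from dataclasses import dataclass

# Publicly reported sinkhole domain registered on 12 May 2017. Extend from
# your threat-intel feed; variants used different hard-coded domains.
KILL_SWITCH_DOMAINS = {"iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"}

# Constructed sample log. The "ts client qname rcode" layout is hypothetical;
# adapt LINE_RE to your resolver's format (BIND querylog, Windows DNS, etc.).
SAMPLE_LOG = """\
2017-05-12T14:01:03Z 10.0.3.17 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
2017-05-12T14:01:09Z 10.0.3.22 www.example.com NOERROR
2017-05-12T14:02:41Z 10.0.7.5 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NXDOMAIN
2017-05-12T14:03:12Z 10.0.7.5 IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. REFUSED
2017-05-12T14:05:55Z 10.0.3.17 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


@dataclass
class Hit:
    ts: str
    client: str
    domain: str
    rcode: str

    @property
    def kill_switch_fired(self) -> bool:
        # Only a successful answer gives the malware a chance to reach the
        # domain and exit. A resolved name still does not prove the HTTP
        # connection got through (e.g. a proxy that blocks direct egress).
        return self.rcode == "NOERROR"


def normalize(qname: str) -> str:
    """Fold case and strip the trailing dot of a fully qualified name."""
    return qname.rstrip(".").lower()


def find_kill_switch_hits(log_text: str, domains=KILL_SWITCH_DOMAINS):
    """Return every lookup of a sinkhole domain, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected layout
        ts, client, qname, rcode = m.groups()
        if normalize(qname) in domains:
            hits.append(Hit(ts, client, normalize(qname), rcode))
    return hits


def triage(hits):
    """Map each client to 'halted' or 'unprotected'.

    Any client that appears here executed the malware and needs isolation
    and MS17-010 patching. 'unprotected' means at least one lookup failed,
    so the kill switch did not stop that run.
    """
    status = {}
    for h in hits:
        if not h.kill_switch_fired:
            status[h.client] = "unprotected"
        else:
            status.setdefault(h.client, "halted")
    return status


if __name__ == "__main__":
    for client, state in sorted(triage(find_kill_switch_hits(SAMPLE_LOG)).items()):
        print(f"{client}: {state}")
```

Every client that appears in the output ran the sample and should be isolated and patched regardless of state; the "unprotected" marker only tells the responder which hosts to check first for encryption.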

Ransomware attack spreads worldwide using alleged NSA exploit

Credit to Author: Michael Kan| Date: Fri, 12 May 2017 10:27:00 -0700

A ransomware attack appears to be spreading around the world, leveraging a hacking tool that may have come from the U.S. National Security Agency.

The ransomware, called Wanna Decryptor, struck hospitals at the U.K.’s National Health Service on Friday, taking down some of its network.

Spain’s computer response team, CCN-CERT, has also warned of a “massive attack” from the ransomware strain, amid reports that local telecommunications firm Telefonica was hit.

Microsoft fixes remote hacking flaw in Windows Malware Protection Engine

Credit to Author: Lucian Constantin| Date: Tue, 09 May 2017 11:32:00 -0700

Microsoft released an update for the malware scanning engine bundled with most of its Windows security products in order to fix a critical vulnerability that could let an attacker run code on a computer simply by getting the engine to scan a crafted file, for example as an e-mail attachment or a download. Because the engine scans new files automatically and runs with system privileges, no user interaction is needed and a successful exploit gives full control of the machine.

The vulnerability was discovered by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich on Saturday and was serious enough for Microsoft to create and release a patch by Monday. This was an unusually fast response for the company, which typically releases security updates on the second Tuesday of every month and rarely breaks out of that cycle.

Ormandy announced Saturday on Twitter that he and his colleague found a “crazy bad” vulnerability in Windows and described it as “the worst Windows remote code execution in recent memory.”

Local cost of a Big Mac decides ransom amount for Fatboy ransomware

Credit to Author: Darlene Storm| Date: Mon, 08 May 2017 09:33:00 -0700

Location, location, location … you’ve heard it many times before but not when it comes to a ransomware deciding a ransom amount. Fatboy, a ransomware-as-a-service, is believed to be the first ransomware that automatically adjusts the ransom amount based on a victim’s location.

Just when you think you’ve heard every conceivable ransomware demand – not just ransoms paid in bitcoin or other cryptocurrencies such as Monero, but ransoms paid in iTunes or Amazon gift cards, ransomware that decrypts for free as long as you infect two other people, and even ransomware that demands a high score in a shooter game before decrypting drives – now there’s a ransomware program that charges victims based on the Big Mac Index.

Supply chain attack on HandBrake video converter app hits Mac users

Credit to Author: Lucian Constantin| Date: Mon, 08 May 2017 08:04:00 -0700

Hackers compromised a download server for HandBrake, a popular open-source program for converting video files, and used it to distribute a macOS version of the application that contained malware.

The HandBrake development team posted a security warning on the project’s website and support forum on Saturday, alerting Mac users who downloaded and installed the program from May 2 to May 6 to check their computers for malware.

The attackers compromised only a download mirror hosted under download.handbrake.fr; the primary download server was unaffected. Because downloads were served from either server, users who downloaded HandBrake-1.0.7.dmg during the period in question had a 50/50 chance of receiving the malicious version of the file, the HandBrake team said.
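A compromised mirror can swap the installer it serves, so the only checks that catch this are a hash or signature obtained from a different channel (the project's primary site or a signed release note) and a list of hashes the vendor has published as malicious. The following is an added example, not HandBrake's own code or advisory material: it hashes a downloaded file in chunks, compares it in constant time against the expected digest, and flags any match against a known-bad set. The file contents and the known-bad entries are constructed stand-ins; the real values would come from the vendor advisory.

```python
"""Verify a downloaded installer against an out-of-band checksum (added example)."""
import hashlib
import hmac
import os
import tempfile

# Populate from the vendor advisory (fetched from the primary site, never from
# the mirror that served the file). Empty here; the demo supplies its own.
KNOWN_BAD_SHA256: set = set()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large DMGs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_download(path: str, expected_sha256: str, known_bad=KNOWN_BAD_SHA256) -> str:
    """Return 'known-malicious', 'verified' or 'mismatch'.

    Known-bad hashes are checked first so a tampered file is reported as such
    even if the 'expected' value was itself copied from the compromised mirror.
    """
    actual = sha256_file(path)
    if actual in known_bad:
        return "known-malicious"
    # compare_digest avoids timing leaks; both operands are ASCII hex strings.
    if hmac.compare_digest(actual, expected_sha256.strip().lower()):
        return "verified"
    return "mismatch"


def demo() -> dict:
    """Run the three cases on constructed files and return their classifications."""
    # Constructed stand-ins for a genuine installer and a trojanised copy.
    genuine = b"HandBrake 1.0.7 installer bytes (constructed sample)\n"
    tampered = genuine + b"<constructed injected payload>"
    expected = hashlib.sha256(genuine).hexdigest()  # the out-of-band checksum
    bad_ioc = {hashlib.sha256(tampered).hexdigest()}  # stands in for the advisory IOC

    results = {}
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, data in (("genuine.dmg", genuine), ("tampered.dmg", tampered)):
            paths[name] = os.path.join(d, name)
            with open(paths[name], "wb") as f:
                f.write(data)
        results["genuine"] = classify_download(paths["genuine.dmg"], expected)
        results["tampered-no-ioc"] = classify_download(paths["tampered.dmg"], expected)
        results["tampered-with-ioc"] = classify_download(paths["tampered.dmg"], expected, bad_ioc)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

A "mismatch" result is not proof of tampering on its own (a truncated download produces the same verdict), but it is reason enough not to open the file; the known-bad check is what turns a suspicion into a confirmed incident.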

Cyberspies tap free tools to build powerful malware framework

Credit to Author: Lucian Constantin| Date: Fri, 05 May 2017 07:54:00 -0700

Over the past year, a group of attackers has managed to infect hundreds of computers belonging to government agencies with a malware framework stitched together from JavaScript code and publicly available tools.

The attack, analyzed by researchers from antivirus firm Bitdefender, shows that cyberespionage groups don’t necessarily need to invest a lot of money in developing unique and powerful malware programs to achieve their goals. In fact, the use of publicly available tools designed for system administration can increase an attack’s efficiency and make it harder for security vendors to detect it and attribute it to a particular threat actor, because the same binaries appear in legitimate administrative use.
