Malware Developers: Hiding Behind 'Exotic' Programming Languages

SecureWorld News

SecureWorld just reviewed a recently released report from BlackBerry's Research and Intelligence team on this topic. The report looks into how threat actors are currently adapting, as the team observed an increase in the use of uncommon programming languages.

Hackers Slipped Mysterious Malware Into Thousands of Macs But Researchers Can't Figure Out Why

GizModo VR

A new malware strain has infected Mac devices all over the world—most prominently in the U.S.

North Korean Hackers Successfully Phished Cyber Researchers Using a Fake Blog

GizModo VR

A recent phishing campaign by North Korean nation-state hackers successfully duped a number of security professionals who were involved in vulnerability research and development, according to a new report from Google’s Threat Analysis Group.

NotPetya and Olympic Destroyer Malware: 6 Russian Officers Charged

SecureWorld News

But the GRU members being charged in this case started with other strains of malware and a narrow target: Ukraine's power grid. In what is commonly referred to as the most destructive and costly cyber attack ever, the conspirators unleashed the 'NotPetya' malware.

Stealthy cyberespionage malware targets energy companies

Network World

Security researchers have discovered a new malware threat that goes to great lengths to remain undetected while targeting energy companies. The malware program, which researchers from security firm SentinelOne have dubbed Furtim’s Parent, is a so-called dropper -- a program designed to download and install additional malware components and tools. The researchers believe it was released in May and was created by state-sponsored attackers.

Mysterious malware targets industrial control systems

Computerworld Vertical IT

Researchers have found a malware program that was designed to manipulate supervisory control and data acquisition (SCADA) systems in order to hide the real readings from industrial processes. The same technique was used by the Stuxnet sabotage malware allegedly created by the U.S. and Israel to disrupt Iran's nuclear program and credited with destroying a large number of the country's uranium enrichment centrifuges.

New Windows code injection method could let malware bypass detection

Network World

Security researchers have discovered a new way that allows malware to inject malicious code into other processes without being detected by antivirus programs and other endpoint security systems. The new method was devised by researchers from security firm Ensilo, who dubbed it AtomBombing because it relies on the Windows atom tables mechanism. "We also found that the legitimate program, now containing the malicious code, can be manipulated to execute that code."

Check your BITS, because deleting malware might not be enough

Network World

Attackers are abusing the Windows Background Intelligent Transfer Service (BITS) to re-infect computers with malware after they've already been cleaned by antivirus products. The technique was observed in the wild last month by researchers from SecureWorks while responding to a malware incident for a customer. The two malicious jobs periodically downloaded and attempted to reinstall the deleted malware.

Malware distributors are switching to less suspicious file types

Network World

After aggressively using JavaScript email attachments to distribute malware for the past year, attackers are now switching to less suspicious file types to trick users. Last week, researchers from the Microsoft Malware Protection Center warned about a new wave of spam emails that carried malicious .LNK files inside ZIP archives. It has been abused to download malware in the past, and there are even malware programs written entirely in PowerShell.

IoT malware clashes in a botnet territory battle

Network World

Mirai -- a notorious malware that's been enslaving IoT devices -- has competition. A rival piece of programming has been infecting some of the same easy-to-hack internet-of-things products, with a resiliency that surpasses Mirai, according to security researchers. Security researchers have dubbed the rival IoT malware Hajime, and since it was discovered more than six months ago, it's been spreading unabated and creating a botnet.

Stealthy Mac malware spies on encrypted browser traffic

Network World

A new malware program that targets macOS users is capable of spying on encrypted browser traffic to steal sensitive information. The new program, dubbed OSX/Dok by researchers from Check Point Software Technologies, was distributed via email phishing campaigns to users in Europe. The malware was attached to the email as a file called Dokument.zip.

New Tor-powered backdoor program targets Macs

Network World

Security researchers have found a new backdoor program that allows attackers to hijack Mac systems and control them over the Tor network. The new malware has been dubbed Backdoor.MAC.Eleanor by researchers from antivirus vendor Bitdefender and is distributed as a file converter application through reputable websites that offer Mac software.

Stealthy malware Skimer helps hackers easily steal cash from ATMs

Network World

Security researchers have found a new version of a malware program called Skimer that's designed to infect Windows-based ATMs and can be used to steal money and payment card details. The latest modification, found by researchers from Kaspersky Lab at the beginning of May, uses new techniques to evade detection. Upon installation, the malware checks if the file system is FAT32 or NTFS.

Cyberspies tap free tools to make powerful malware framework

Network World

Over the past year, a group of attackers has managed to infect hundreds of computers belonging to government agencies with a malware framework stitched together from JavaScript code and publicly available tools. The attack, analyzed by researchers from antivirus firm Bitdefender, shows that cyberespionage groups don't necessarily need to invest a lot of money in developing unique and powerful malware programs to achieve their goals.

Sophisticated malware possibly tied to recent ATM heists in Thailand

Network World

Security researchers have found a sophisticated malware program that may have been used recently by a gang of hackers to steal more than US$350,000 from ATMs in Thailand. A sample of the new malware, dubbed Ripper, was uploaded to the VirusTotal database from an Internet Protocol address in Thailand last week, shortly before local media reported that hackers used malware to steal 12.29

Thousands of Seagate NAS boxes host cryptocurrency mining malware

Network World

Thousands of publicly accessible FTP servers, including many from Seagate network-attached storage devices, are being used by criminals to host cryptocurrency mining malware. Researchers from security vendor Sophos made the discovery when they investigated a malicious program dubbed Mal/Miner-C, which infects Windows computers and hijacks their CPUs and GPUs to generate Monero, a bitcoin-inspired cryptocurrency.

Join Architects, Planners, Program Managers, Data Scientists at 4th Annual Cloudera Federal Forum in DC 25 Feb

CTOvision

Track sessions will focus on: Enabling Business Results with Big Data — how to enable agency programs that will yield enormous value through big data to deliver actionable information and measurable results. Hittle is a Level III, top-ranked Acquisition Program Manager and Systems Planning, Research, Development, and Engineering Professional. Government is ever more reliant on data to deliver on mission and programs. By Bob Gourley.

Shared malware code links SWIFT-related breaches at banks and North Korean hackers

Network World

Malware links suggest that North Korean hackers might be behind recent attacks against several Asian banks, including the theft of US$81 million from the Bangladesh central bank earlier this year. Security researchers from Symantec have found evidence that the malware used in the Bangladesh Bank cyberheist was used in targeted attacks against an unnamed bank in the Philippines.

New Mac Trojan uses the Russian space program as a front

Network World

Security researchers have found a new Mac OS X malware that appears to be targeting the aerospace industry. Interestingly, the Trojan will also save a PDF document to the infected system concerning the Russian space program. The Trojan, called Komplex, can download, execute, and delete files from an infected Mac, according to security firm Palo Alto Networks.

Researchers dismantle decade-long Iranian cyberespionage operation

Network World

The infrastructure used by an Iranian cyberespionage group to control infected computers around the world has been hijacked by security researchers. Researchers from Palo Alto Networks came across the group's activities earlier this year, but found evidence that it has been operating since at least 2007. Its main tool is a custom malware program dubbed Infy, which was repeatedly improved over the years.

Snake cyberespionage malware is ready to bite Mac users

Network World

A sophisticated Russian cyberespionage group is readying attacks against Mac users and has recently ported its Windows backdoor program to macOS. It targets government entities, intelligence agencies, embassies, military organizations, research and academic institutions and large corporations. The group, known in the security industry as Snake, Turla or Uroburos, has been active since at least 2007 and has been responsible for some of the most complex cyberespionage attacks.

Fed Tech Roundup December 2

CTOvision

Malware, ransomware twice as likely to hit state, local networks - GCN.com. How Valuable is Federal Research? AI Program Beats Humans On College Acceptance Test - Nextgov. Wins Contract in Support of DoD Information Analysis Center Program. The following are some of the hot topics in the federal technology ecosystem (from FedTechTicker.com and TopTechTicker.com): Fed Tech Ticker.

Malware targets Oracle Micros point-of-sale customers

Computerworld Vertical IT

A new malware program designed to steal payment card details from point-of-sale (PoS) systems is targeting businesses using Oracle Micros products. Security researchers from antivirus firm Trend Micro recently came across a highly configurable memory-scraping malware program that they dubbed MalumPoS. Micros, acquired by Oracle last year, develops front- and back-office customer service systems that are popular in the hospitality, food and retail industries.

DOE’s secret weapon: Supercomputers, Developers Scramble to Build NSA-Proof Email and more

CTOvision

“Many of the department’s supercomputing resources are devoted only to the highest impact, breakthrough research.” “I think that’s a certainty,” said Jim Lewis, a senior fellow with the Center for Strategic and International Studies and the director of the Technology and Public Policy Program. By Ryan Kamauff. Here are the top cyber news and stories of the day.

ACC Foundation Releases Extensive State of Cybersecurity Report

CTOvision

Employee error was the most frequent cause of a breach (24%), followed by inside jobs (15%), phishing (12%), access through a third party (12%), lost laptop or device (9%), application vulnerability (7%), and malware (7%). PPL forms program for nonprofit groups (republicanherald.com). The State of Cyber Security Report, by Katie Kennedy.

Best IT and Tech Blogs – Must Read Information Technology Resources 2019

Galido

Malwarebytes is a leader of malware prevention and protection. Zone Alarm Cybersecurity blog offers information on malware and protecting yourself online. They offer malware alerts, practical online security tips, and more. Securelist is a Kaspersky Lab web property focusing on malware, phishing, and the cybersecurity industry. Information Week shares news, analysis and research for business technology professionals, plus peer-to-peer knowledge sharing.

6 Ways to Defend Against a Ransomware Attack

CEB IT

Twenty-seven percent of malware incidents reported in 2020 can be attributed to ransomware. Research government and regional authorities that have provided guidelines on how organizations can fortify their network infrastructure against ransomware.

S&R Analyst Spotlight: Josh Zelonis

Forrester IT

When he's not out cruising his Harley, Josh is working with clients to adapt their architecture, policies, and processes to evolving threats and to develop robust incident response programs. His research focuses on threat intelligence, endpoint detection and response (EDR), malware analysis, pen testing/red teaming, forensics and investigations, and of course, incident response. Based on the West Coast, Senior Analyst Josh Zelonis is the newest addition to the S&R team.

Ransomware spreads through weak remote desktop credentials

Network World

Stolen or weak remote desktop credentials are routinely used to infect point-of-sale systems with malware, but recently they've also become a common distribution method for file-encrypting ransomware. In March, researchers discovered a ransomware program dubbed Surprise that was being installed through stolen credentials for TeamViewer, a popular remote administration tool.

More on Operationalizing Threat Intelligence

Network World

Overall malware volume is down but the number of variants has gone up precipitously. In fact, according to the Webroot threat report, about 97% of all malware variants are seen only one time. Yes, enterprise organizations are bolstering defenses with anti-malware gateways and next-generation endpoint security tools but they are also doubling down on threat intelligence. Coming out of Black Hat a few weeks ago, it’s pretty frightening what’s going on with cyber-threats.

Fresh Insights into the NSA’s Cyber Capabilities

CTOvision

A recent report from Russian researchers has provided more specific information vis-à-vis the technical capabilities of the NSA. The group has been engaged in cyber espionage for more than a decade, and it has several signature malware platforms in its arsenal. According to Reuters, a former NSA employee confirmed the hypothesis that the NSA is behind the Equation Group, and the employee confirmed that the spying programs in the report are extremely valuable to the agency.

Windows Trojan hacks into embedded devices to install Mirai

Network World

Attackers have started to use Windows and Android malware to hack into embedded devices, dispelling the widely held belief that if such devices are not directly exposed to the Internet they're less vulnerable. Researchers from Russian antivirus vendor Doctor Web have recently come across a Windows Trojan program that was designed to gain access to embedded devices using brute-force methods and to install the Mirai malware on them.

Fed Tech Roundup July 29

CTOvision

E-invoice mandate, Flash malware spike and more - FCW.com. NASA Awards Aerospace Propulsion, Communications Research Contracts. NASA Awards Contract to Support Agency’s Human Spaceflight Programs. The following are some of the hot topics in the federal technology ecosystem (from FedTechTicker.com and TopTechTicker.com): Fed Tech Ticker. TASC, an Engility Company, Awarded $67M U.S. Air Force Global Positioning System (GPS) Contract.

Global Supply Chain Cyberattack Underway via IT Monitoring Software

SecureWorld News

The software updates for your IT management tools arrive automatically and contain legitimate changes—but hidden inside the update is malware that gives hackers secret access to your network. FireEye researchers report regularly on the world's most prominent cyberattacks.

Microsoft warns of critical Windows DNS Server vulnerability that’s ‘wormable’

The Verge

Such a flaw could allow attackers to create special malware that remotely executes code on Windows servers and creates malicious DNS queries that could even eventually lead to a company’s infrastructure being breached. a principal security program manager at Microsoft.

New DMA Locker ransomware is ramping up for widespread attacks

Network World

The TeslaCrypt creators called it quits recently, but unfortunately for users, there's a new ransomware program that's ready to take its place. Researchers had no problem developing a file recovery tool for the first two versions. However, its authors have recently fixed all issues, and malware researchers believe that with the newly released version 4, DMA Locker has reached maturity and might be the next thing to hit users in widespread attacks.

Hackers can now clone your keys just by listening to them with a smartphone

Mashable VR

Researchers at the National University of Singapore published a paper earlier this year detailing how, using only a smartphone microphone and a program they designed, a hacker can clone your key. Every time you unlock your front door, your key whispers a small, but audible, secret.

Russian cyberspies blamed for US election hacks are now targeting Macs

Network World

Security researchers have discovered a macOS malware program that's likely part of the arsenal used by the Russian cyberespionage group blamed for hacking into the U.S. Democratic National Committee last year. The group, which is known in the security industry under different names, including Fancy Bear, Pawn Storm, and APT28, has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent.