wiredmikey writes: Security experts have discovered that the Maxthon web browser collects sensitive information and sends it to a server in China. Researchers warn that the harvested data could be highly valuable for malicious actors.
Researchers at Fidelis Cybersecurity and Poland-based Exatel recently found that Maxthon regularly sends a file named ueipdata.zip to a server in Beijing, China, via HTTP. Further analysis (PDF) revealed that ueipdata.zip contains an encrypted file named dat.txt. This file stores information on the operating system, CPU, ad blocker status, homepage URL, websites visited by the user (including online searches), and installed applications and their version number.
Interestingly, in 2013, after the NSA surveillance scandal broke, the company boasted about its focus on privacy and security, and the use of strong encryption.
wiredmikey writes: Facebook announced Friday it would roll out optional "end to end encryption" for its Messenger application, following a trend aimed at stronger security and protection against snooping. The new feature will be known as "secret conversations" which can be read only by the sender and recipient. Facebook shared technical details about its implementation of the security in a technical white paper (PDF).
wiredmikey writes: Researchers have demonstrated that data can be stolen using fans and a mobile phone placed in the vicinity of the targeted machine. The method, dubbed Fansmitter, leverages the noise emitted by a computer’s fans to transmit data.
Researchers from Ben-Gurion University of the Negev explained (PDF) that a piece of malware installed on the targeted air-gapped computer can use the device’s fans to send bits of data to a nearby mobile phone or a different computer equipped with a microphone.
While Apple's iOS 8.3 prevents the installation of an app that has an ID similar to an existing one, security researcher Chilik Tamir discovered a new method, which he dubbed “SandJacking."
Tamir demonstrated the SandJacking attack at the Hack In The Box (HITB) conference in Amsterdam on Thursday using Skype as the targeted application. However, the researcher told SecurityWeek that SandJacking attacks have been successfully tested against numerous popular applications.
The vulnerability was discovered in December 2015 and reported to Apple in January. The tech giant has confirmed the issue, but a patch has yet to be developed. Once Apple addresses the flaw, Tamir says he will release a SandJacker tool that automates the entire process of pushing malicious apps to iOS devices via the SandJacking vulnerability.
Microsoft has announced that it is dynamically banning common passwords from Microsoft Account and Azure Active Directory (AD) system. In addition to banning commonly used passwords to improve user account safety, Microsoft has implemented a feature called smart password lockout, meant to add an extra level of protection when an account is attacked.
Microsoft says it sees more than 10 million accounts being attacked each day, and that this data is used to dynamically update the list of banned passwords. This list is then used to prevent people from choosing a common or similar password.
Armed with fake credit card details from South Africa's Standard Bank, the thieves hit 1,400 convenience store ATMs in a coordinated attack earlier this month. The international gang members, reportedly numbering around 100 people, each made a series of withdrawals in less than three hours, Japanese media said. Japanese police declined to confirm the robbery, but Standard Bank acknowledged the heist and put its losses at around $19 million.
wiredmikey writes: Researchers from FireEye have disclosed the details of a serious information disclosure vulnerability affecting a Qualcomm software package found in hundreds of Android device models. The vulnerability is in the Qualcomm tethering controller (CVE-2016-2060) and could allow a malicious application to access user information. While the flaw could expose millions of Android devices, the vulnerability has limited impact on devices running Android 4.4 and later, which include significant security enhancements, and also does not affect Nexus devices.
FireEye said its researchers informed Qualcomm about the vulnerability in January and the vendor developed a fix by early March, when it started reaching out to OEMs to let them know about the issue. Now it’s up to the device manufacturers to push out the patch to customers.
wiredmikey writes: Researchers from Intel Security recently discovered that a piece of malware dubbed "Dynamer" is taking advantage of a Windows Easter Egg called “God Mode” to gain persistence on an infected machine.
God Mode, which can prove a handy tool for administrators, allows users to create a folder and give it a special name, which turns it into a shortcut to Windows settings and folders such as control panels, My Computer, or printers. However, the Dynamer malware is abusing the function, installing itself into a folder inside the %AppData% directory and creating a registry run key that persists across reboots. Using a “com4” name, Windows considers the folder to be a device, meaning that the user cannot easily delete it. Given that Windows treats the “com4” folder differently, Windows Explorer or typical console commands are useless when attempting to delete it.
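As an added example (not code from the SecurityWeek story or from Intel Security), the PowerShell below locates folders under %AppData% whose name begins with a DOS reserved device name (CON, PRN, AUX, NUL, COM1-9, LPT1-9) and ends in a CLSID suffix, which is the shape the Dynamer “com4” God Mode folder takes, lists any Run key values that point into them, and removes them through the \\?\ extended-length path prefix, which tells the Win32 path parser to treat “com4” as an ordinary name rather than a device. Two assumptions: the folder-name pattern and the God Mode CLSID quoted in the comments come from public Windows documentation rather than from this page, and the malware's process has already been stopped, since rd cannot remove a folder that holds a running executable.

```powershell
# Added example: hunt and remove device-named God Mode folders under %AppData%.
# Assumed naming pattern: <reserved device name>.{CLSID}, e.g.
# com4.{ED7BA470-8E54-465E-AAC0-4D32CE64DA7C} (the widely documented God Mode CLSID).

$reserved = @('CON', 'PRN', 'AUX', 'NUL') + (1..9 | ForEach-Object { "COM$_"; "LPT$_" })
# Case-insensitive regex: device name, a dot, then a 36-character GUID in braces.
$pattern = '^(?<dev>' + ($reserved -join '|') + ')\.\{[0-9A-F-]{36}\}$'

function Find-DeviceNamedFolder {
    param([string]$Root = $env:APPDATA)
    # -Force includes hidden folders; errors while recursing into the device-named
    # folder itself are expected and suppressed, we only need its name from the parent.
    Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -imatch $pattern }
}

function Find-RunKeyReference {
    # Persistence described in the story: a Run value whose command lives in the folder.
    param([Parameter(Mandatory)][string]$FolderPath)
    $hives = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($hive in $hives) {
        if (-not (Test-Path $hive)) { continue }
        $props = Get-ItemProperty -Path $hive
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Value -is [string] -and
                $p.Value.IndexOf($FolderPath, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{ Hive = $hive; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

function Remove-DeviceNamedFolder {
    param([Parameter(Mandatory)][string]$Path)
    # The \\?\ prefix bypasses the DOS device-name check, so "com4" is just a directory.
    # Note "rd" inside PowerShell is an alias for Remove-Item, hence the explicit cmd.exe.
    $extended = '\\?\' + $Path
    cmd.exe /c rd /s /q "$extended"
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "rd failed for $Path (exit code $LASTEXITCODE); is the malware still running?"
    }
}

foreach ($dir in Find-DeviceNamedFolder) {
    Write-Output "Suspicious device-named folder: $($dir.FullName)"
    Find-RunKeyReference -FolderPath $dir.FullName | Format-Table -AutoSize
    Remove-DeviceNamedFolder -Path $dir.FullName
}
```

Pass a full absolute path to the removal function: the \\?\ prefix also switches off relative-path normalisation and 8.3 short-name expansion, so a relative or abbreviated path will not resolve. Remove the Run value only after the folder is gone, so a failed deletion leaves an obvious indicator behind rather than a silent orphaned entry.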
In what was described as the command's "first major combat operation," Defense Secretary Ashton Carter said CYBERCOM is playing an important role in the US-led military operation against the IS group in Iraq and Syria.
"The objectives there are to interrupt ISIL command and control, interrupt its ability to move money around, interrupt its ability to tyrannize and control population, interrupt its ability to recruit externally," Carter told lawmakers at a Senate Armed Services Committee meeting, using an acronym for the IS group.
A report released today by intelligence firm Flashpoint said that while ISIS-inspired cyberattacks are of high concern, the cyber capabilities of the Islamic State and its supporters are still relatively weak and appear to be underfunded and poorly organized.
wiredmikey writes: Security researchers from Cisco have come across a piece of software that installed backdoors on 12 million computers around the world. Researchers determined that the application, installed with administrator rights, was capable not only of downloading and installing other software, such as a known scareware called System Healer, but also of harvesting personal information. The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC. The “features” have led Cisco Talos to classify the Tuto4PC software as a “full backdoor capable of a multitude of undesirable functions on the victim machine.”
Tuto4PC said its network consisted of nearly 12 million PCs in 2014, which could explain why Cisco’s systems detected the backdoor on 12 million devices. An analysis of a sample set revealed infections in the United States, Australia, Japan, Spain, the UK, France and New Zealand.
Experts from BAE Systems found the malware after someone uploaded samples from Bangladesh. Researchers discovered several components used in the attack and they all appear to have been created by the same actor.
One of the most important pieces of malware, hidden in a file named “evtdiag.exe,” was designed to interact with SWIFT Alliance Access, a messaging interface that allows banks and market infrastructures to connect to the SWIFT platform. According to the vendor, there are more than 2,000 Alliance Access installations worldwide.
SWIFT has released a software update to protect customers and help them identify potentially suspicious activity. SWIFT also clarified that the malware discovered by researchers has no impact on its network or core messaging services. The organization noted that the malware can only be deployed if attackers somehow manage to compromise the target’s systems by exploiting security vulnerabilities.
wiredmikey writes: Two individuals suspected of developing and distributing the notorious SpyEye Trojan have been sentenced to a combined 24 years and six months in prison, the U.S. Department of Justice announced on Wednesday.
Russian national Aleksandr Andreevich Panin, aka Gribodemon, aged 27, was sentenced to nine years and six months in prison. Panin advertised and delivered SpyEye with help from 27-year-old Algerian national Hamza Bendelladj, aka Bx1, who was sentenced to 15 years in prison.
SpyEye, which reportedly infected over 50 million computers, is estimated to have caused losses for individuals and banks totaling $1 billion.
wiredmikey writes: Swedish military computers were hacked and used in an attack targeting major US banks in 2013, the armed forces said on Monday. The attack knocked out the web sites of as many as 20 major US banks and financial institutions, sometimes for several days. According to Swedish military spokesman Mikael Abramsson, a server in the Swedish defense system had a vulnerability which was exploited by hackers to carry out the attacks.
At the time, the attack, which began in 2012 and continued for months, was one of the biggest ever reported. US officials blamed Iran, suggesting it was in retaliation for political sanctions and several earlier cyber attacks on its own systems.