The attack involves the Microsoft Application Verifier, a runtime verification tool for unmanaged code that helps developers find subtle programming errors in their applications.
The attack, dubbed by the security firm Cybellum as “DoubleAgent,” allegedly affects the products of several vendors, including Avast, AVG, Avira, Bitdefender, Trend Micro, Comodo, ESET, F-Secure, Kaspersky, Malwarebytes, McAfee, Panda, Quick Heal and Symantec (Norton). Only a few of the vendors have released patches.
The tool works by loading a so-called “verifier provider DLL” into the targeted application’s process for runtime testing, which allows a piece of malware executed by a privileged user to register a malicious DLL for a process associated with an antivirus or other endpoint security product, and hijack its agent.
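The registration step the post describes is what a defender can audit. Application Verifier is switched on per image through the Image File Execution Options (IFEO) key: the `GlobalFlag` value carries the FLG_APPLICATION_VERIFIER bit (0x100) and `VerifierDlls` lists the provider DLLs to load. The script below is an added example (not Cybellum's or Microsoft's code) that lists every IFEO entry carrying a `VerifierDlls` value and flags provider names outside a small allowlist; the key path and value names are the documented Verifier/GFlags settings, while the allowlist of Microsoft-shipped provider DLLs is an assumption to tune for your environment.

```powershell
# Added example: find Application Verifier provider registrations under IFEO.
# Run elevated on the host being audited. Assumed: the allowlist below covers the
# providers shipped with Application Verifier; anything else deserves a look.

$FLG_APPLICATION_VERIFIER = 0x100

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Illustrative allowlist (assumption): provider DLLs that ship with Application Verifier.
$knownProviders = @('vrfcore.dll', 'vfbasics.dll', 'vfcompat.dll',
                    'vfluapriv.dll', 'vfprint.dll', 'vfnet.dll')

function Get-VerifierRegistrations {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path -Path $root)) { continue }

        Get-ChildItem -Path $root | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            $dlls  = $props.VerifierDlls
            if (-not $dlls) { return }          # no provider registered for this image

            $flags = $props.GlobalFlag
            if ($null -eq $flags) { $flags = 0 }
            $verifierOn = (([int]$flags) -band $FLG_APPLICATION_VERIFIER) -ne 0

            # VerifierDlls is a space-separated REG_SZ; names resolve from the
            # system directory, so a dropped DLL there is loaded into the target.
            $unexpected = ($dlls -split '\s+') |
                Where-Object { $_ -and ($knownProviders -notcontains $_.ToLower()) }

            [pscustomobject]@{
                Image        = $_.PSChildName
                Hive         = $root
                VerifierOn   = $verifierOn
                VerifierDlls = $dlls
                Unexpected   = ($unexpected -join ' ')
            }
        }
    }
}

# Anything with the verifier bit set, or with a provider outside the allowlist,
# is a candidate DoubleAgent-style persistence entry and should be checked
# against the image it targets (for example, an endpoint agent's service binary).
Get-VerifierRegistrations |
    Where-Object { $_.VerifierOn -or $_.Unexpected } |
    Format-Table -AutoSize
```

The entry is the persistence point, not just the injection point: the provider DLL is loaded every time the named image starts, including after a reboot, so a hit here should be followed by pulling the DLL from the system directory and checking its signature and hash rather than only killing the process.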
"Did Trump receive a secured, encrypted smartphone for his personal use on or before Jan. 20? If so, is he using it?," said a tweet Tuesday by Senator Tom Carper, who along with fellow Democrat Claire McCaskill released a letter to the administration requesting information on the president's device. The lawmakers said they were concerned by reports that Trump was still using an Android device that may be several years old for his frequent personal Twitter messages.
The New York Times reported last month that while Trump had received a new, secure device after his inauguration, he still relied on his older device despite protests from aides.
wiredmikey writes: Yahoo said Monday that the closing of a $4.8 billion deal to sell its core internet assets to US telecom titan Verizon has been delayed several months. A close originally set for this quarter has been pushed into next quarter, and has been thrown into doubt following disclosures of two huge data breaches.
Yahoo announced in September that hackers in 2014 stole personal data from more than 500 million of its user accounts. It admitted another cyberattack in December, this one dating from 2013, affecting over a billion users. The US Securities and Exchange Commission has opened an investigation into whether Yahoo should have informed investors sooner about the two major data breaches.
wiredmikey writes: Weak and commonly used passwords have long been one of the most used avenues to compromise online accounts, yet people continue to utilize these incredibly weak password choices. What's scary is that according to a new report compiled after the analysis of 10 million passwords leaked from data breaches, the top 25 most popular passwords are used to secure more than 50% of accounts. Sadly, this trend is not new, and continues to show how stupid people can be when it comes to passwords.
Specifically, the report (PDF) reveals that 123456, 123456789, qwerty, 12345678, and 111111 were the five most used passwords in 2016, as per analysis by security firm Keeper Security.
wiredmikey writes: The smartphones of dozens of Israeli soldiers were hacked by Hamas militants pretending to be attractive young women online, an Israeli military official said Wednesday. Using fake profiles on Facebook with alluring photos, Hamas members contacted the soldiers via groups on the social network, luring them into long chats, the official told journalists on condition of anonymity.
Dozens of the predominantly lower-ranked soldiers were convinced enough by the honey trap to download fake applications which enabled Hamas to take control of their phones, according to the official.
wiredmikey writes: A recently discovered variant of the KillDisk malware encrypts files and holds them for ransom instead of deleting them. Since KillDisk has been used in attacks aimed at industrial control systems (ICS), experts are concerned that threat actors may be bringing ransomware into the industrial domain.
CyberX VP of research David Atch told SecurityWeek that the KillDisk variant they have analyzed is a well-written piece of ransomware, and victims are instructed to pay 222 bitcoins ($210,000) to recover their files, which experts believe suggests that the attackers are targeting “organizations with deep pockets.”
On December 1, researchers with Recorded Future discovered internet chatter that appeared to relate to an EAC breach. A hacker, called "Rasputin" by Recorded Future, was discussing the sale of more than 100 EAC access credentials to a Middle Eastern government broker. The hacker claimed to have accessed the systems via an SQLi vulnerability, which Recorded Future was able to locate and report.
EAC said Thursday that it was aware of the 'potential intrusion' and was investigating the incident.
wiredmikey writes: Tesco Bank, wholly owned by the UK's largest supermarket chain Tesco, said that some of its customers had money withdrawn fraudulently as a result of "online criminal activity."
Benny Higgins, the bank's chief executive, said 40,000 current accounts had experienced suspicious transactions and about half had money taken from their account. Customers are reporting on social media individual thefts of £600 and £700. One report quotes a customer complaint: "Spoke to Tesco after 1 hour 20 minutes on hold, like others, just waiting for a call back and no sign of my £2,400 today. I'm taking the day off work, I can't go in feeling as low as this."
wiredmikey writes: The U.S. government has officially accused Russia of being behind cyberattacks against American political organizations with the intent of interfering with the upcoming Presidential election in November.
“The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations,” a joint statement from the Department of Homeland Security (DHS) and Office of the Director of National Intelligence said.
"We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities," the statement adds.
In August, researchers from two security firms uncovered evidence that they say linked a Russian threat actor to the cyberattack targeting the U.S. Democratic Congressional Campaign Committee (DCCC).
Blockchains are considered tamper-proof registers in which entries are time-stamped and linked to previous "blocks" in a data chain. As expected, the technology that drives the shadowy bitcoin cryptocurrency is drawing interest from the established banking industry, which sees a potential to revolutionize the sector.
The companies said they will build and test frameworks for blockchain-powered exchanges between businesses and their customers and banks. Microsoft plans to use its Azure cloud service platform to enable blockchain transactions between a major corporate treasury and a financial institution.
wiredmikey writes: Security researchers from China-based Tencent have identified a series of vulnerabilities that can be exploited to remotely hack an unmodified Tesla Model S while it’s parked or on the move. While the vehicle was parked, the experts could control the sunroof, turn signals, the position of the seats, all displays, and the door locking system. While the car was on the move, the hackers could activate the windshield wipers, fold the side view mirrors, and open the trunk. They also demonstrated that a remote hacker can activate the brakes from a long distance.
“As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars,” the researchers said. “We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected.”
According to Keen Lab, Tesla has confirmed the flaws and is working on addressing them.
NAND mirroring involves removing the NAND flash memory chip from the device by desoldering it and creating backup copies or clones of the chip. By cloning the chip, the original memory is fully preserved while the copies can be used as many times as necessary to figure out the 4-digit passcode. Skorobogatov conducted a successful attack using off-the-shelf components bought from an electronics distributor for less than $100.
wiredmikey writes: The White House today announced that Brigadier General (retired) Gregory J. Touhill has been named the first Federal Chief Information Security Officer (CISO). Back in February, President Barack Obama unveiled a cybersecurity "national action plan" (CNAP) which called for an overhaul of aging government networks and a high-level commission to boost security awareness. As part of the plan, the White House said it would hire a federal CISO to direct cybersecurity across the federal government. General Touhill is currently the Deputy Assistant Secretary for Cybersecurity and Communications in the Office of Cybersecurity and Communications (CS&C) at the Department of Homeland Security (DHS).
The key hire comes at a time when the government needs cybersecurity talent more than ever. Earlier this week a report published by a U.S. House of Representatives committee said the data breaches disclosed by the Office of Personnel Management (OPM) last year were a result of culture and leadership failures, and should not be blamed on technology.