Malware is infecting mobile devices in record numbers, warns technology company Nokia. The data come from a report the company publishes twice a year, in which it identifies and evaluates threats to various mobile and network devices. According to the reports, by far the most popular malware targets are smartphones. Nokia says that last year the number of smartphones infected with malware grew by nearly 400 percent. Most malware plagues Android-based smartphones and tablets.
In a recent and more rigorous experiment, a group of researchers from the University of Illinois Urbana-Champaign, University of Michigan and Google dropped nearly 300 USB thumb drives around six campus locations and found that at least 45 percent of them were plugged into a computer and perused by the person who found them. While modern Windows and Mac systems no longer run programs on a USB stick by default, other attacks, such as BadUSB, can make a USB drive appear to be something else, such as a keyboard, and then use that access to take malicious actions. When the company finds untrusted USB drives, it can test them, said Chris Novak, a director with the firm's RISK team, a computer investigations group. "We often do executive protection, where, when executives go overseas or to a big conference, we give them temporary equipment, and if something happens, we get it back." Playing the movie trailer on the drive installed malware on the victim's computer, enabling the attacker to steal an unreleased movie. The fact that users plug such storage devices into corporate computers is a nightmare for IT security professionals, to the degree that they sometimes—and somewhat controversially—block USB ports on highly sensitive computers by gluing them closed with epoxy.
The net menace was the one-time world's biggest bot, worming its way since 2008 through millions of machines across every country in the world, smashing through social networks including Facebook, Skype, and popular email services. It exploits a Windows vulnerability, CVE-2008-4250, shuttered in a Microsoft critical update that year. Check Point says it registered the worm as the chief threat last month, noting it was behind 17 percent of malware attacks. Their creation has remained in headlines since 2008, having infected a swath of cheap hard drives and USBs, and even police body-worn cameras in the United States. Check Point noted Conficker's dominance last December, and CERT UK recently said it found more than half a million infections in April. Its rootkit was thought to reside on more than a million machines and is still operating thanks to an incomplete command and control takedown effort in 2013.
Kaspersky white hats have again ruined the Cryptxxx malware by offering victims a free decryption tool that will unwind all variants of the menace. The infuriating researchers have followed their first decryption effort, which busted up the earlier Cryptxxx variant, causing VXers to re-write and reissue a patched ransomware release.

Stranger contacted me via tweet. Thanks to @kaspersky RannohDecryptor, I have his files back. — ɹǝʞɐɯuıɐɹ (@R41nM4kr) May 9, 2016

Researchers may find themselves in an arms race with Cryptxxx should the authors weather the decryption storm and keep producing fixed variants. Or, like Linux.Encoder, they may seemingly succumb to the barrage of attacks by meddling white hats, some of whom go as far as to release surreptitious, deliberately-weakened ransomware blueprints in a bid to waste the time of copy-and-paste VXers.
The Nulled.IO board is used to trade and sell credit card and leaked identity information, hacking tools, cracks, and malware-creation kits. On May 6th, the hacker or hackers responsible for the breach dumped a 1.3 GB compressed archive online which, when expanded, is a 9.45 GB SQL file containing details of the website's cybercriminal users and their activities. According to RiskBased Security, which discovered the breach, the attack was likely possible due to Nulled.IO's use of the IP.Board community forum software, which has a number of known vulnerabilities. RiskBased Security said the full dump contains 536,064 user accounts, 800,593 user personal messages, 5,582 purchase records and 12,600 invoices, which could include donation records. All this information will, of course, likely be of interest to law enforcement officials, especially as it contains so much information about illegal activities. A particularly interesting discovery made by the RiskBased Security team is that there are 20 .gov email accounts in the leaked database that originate from countries such as the US, Turkey, the Philippines, Brazil, Malaysia, and Jordan.
The SWIFT logo is pictured in this photo illustration taken April 26, 2016. JPMorgan Chase & Co has limited SWIFT access to some employees amid questions about the breaches at two Asian banks, The Wall Street Journal reported, citing people familiar with the matter. Brussels-based SWIFT is a cooperative owned by some 3,000 global financial institutions. Some U.S. banks want to discuss with SWIFT whether it responded quickly enough to the breaches and if it should help banks better secure their systems, Bloomberg cited one unidentified source as saying. Some U.S. banks expect SWIFT to come up with a technological solution to reduce the risk of further attacks, the report cited a second unidentified source as saying. SWIFT codes for at least seven international banks were written into malware used in an attack that Vietnam's Tien Phong Bank disclosed over the weekend, Bloomberg reported, citing a private report published by BAE Systems PLC.
All IDEs based on JetBrains' IntelliJ IDEA are affected. Google has emailed Android developers advising them to update Android Studio, the official Android IDE, to fix security bugs. A cross-site request forgery (CSRF) flaw means that if the IDE is running and the developer visits a malicious web page in any browser, scripts on the malicious web page could access the local file system. This allows attackers to get access to data saved by the IDE or open a project without permission. Users of other JetBrains IDEs will also find updates available for download. Some developers asked if the IDE's internal web server could be disabled completely. "The internal server is not exclusively used for web application development but also serves for other functionality such as the Internal Git SSH support, Http Authorization, Serving Documentation from JARs as well as providing a REST API endpoint," explains JetBrains developer advocate Hadi Hariri.
Swedish Radio warns: a false article about terrorist attacks at Arlanda is spreading malware. At noon today, Swedish Radio issued a warning about a fake news article that has started to spread on the web. It is also claimed that the news programme Ekot broadcast from the event. Clicking further into the article may result in malware being installed on your computer. Swedish Radio has denied that it stands behind the article, among other things via a Facebook post from the public service company. In other words: Arlanda is not under attack. Do not spread the malicious link further under any circumstances.
The region is a hotspot for malware-based spying campaigns, thanks largely to the conflict between the Kiev government and rebels in the East who identify with Russia. The majority of such campaigns feature booby-trapped content themed around the current Ukrainian geopolitical situation and the war in Donbass in order to trick marks into opening malicious attachments. Whether these secondary targets have been deliberately selected or represent collateral damage remains unclear. ESET detects the malware associated with the attacks, which may have been going on since as long ago as 2008, as Prikormka. The attacks seem to have slipped under the radar for eight years, but now that one anti-virus vendor has caught onto the campaign, widespread detection by other vendors can be expected to follow within days or weeks. The security community in general is paying particularly close attention to malware-slinging in Ukraine after the BlackEnergy malware was linked to attacks that resulted in power outages last December.
District Judge Robert Bryan declined to intervene in the ongoing case against a suspect called Jay Michaud, who is one of 137 people now facing charges in the US in relation to the FBI's probe into Playpen, an illicit website formerly hosted on the Tor network. As Mozilla noted in its initial court filing, Tor, which is used to anonymise internet browsing, is partly based on the same open-source code used in its popular Firefox browser. However, in the wake of a plea from the US Justice Department citing "national security", Judge Bryan reversed his decision on Monday 17 May and said prosecutors no longer had to make any bug disclosure to Michaud's defence team. Thousands of people around the world are under investigation as a result of the case; however, law enforcement recently encountered issues after two defendants secured rulings that declared their warrants invalid. These setbacks were largely due to "jurisdictional issues" that surround the FBI's use of malware to snare the suspects. During the period the website was under its control, the agency used a court-ordered malware technique in an attempt to identify as many of the website's 214,898 members as possible.
A professional hacking group called Suckfly is targeting India's infrastructure and economic base by zeroing in on individuals and installing tools to access their work networks. Symantec also managed to uncover the group's attack method: they found an employee at each organization who had a significant online footprint and installed their malware on that person's system. Symantec reckons a phishing attack was the most likely approach. The malware then uses known security holes, in this case unpatched Windows flaws, to escalate privileges before posing as that individual to enter their work network. Several of the domains were registered through a Yandex email address, for example. The targeting of India's economic and governmental centers could benefit both foreign governments and those looking to make money from commercially sensitive material, so motive is also hard to divine. Symantec only uncovered the attacks two years after most of them had taken place, and only then after it knew what to look for.
The Accessibility Clickjacking attack exploits flaws in protections for Android's accessibility and draw-over-apps features to allow attackers to hijack devices. It has been updated since its initial disclosure in March after Amit and colleague Elisha Eshed discovered it applied to updated Android Lollipop (version 5) devices, the most popular of all Android platforms, and affected an additional 840 million devices. Many malware instances, including a free Black Jack app disclosed today and several malicious games reported this week, have used accessibility and draw-over-app features to compromise devices. Malicious apps deploy Amit's attack flow to varying degrees of effectiveness, with some hoping users would deliberately approve accessibility features after merely reading a request claiming it needs to be activated. "This also enables ransomware exploits, where a hacker may elevate their permissions to remotely encrypt or wipe the device, potentially forcing the victim to pay money to get access to their own device." Android KitKat (version 4.4), released three years ago, is still used on about a third of devices, just trailing Lollipop, with many perhaps being older and cheap gadgets.
The authors of the TeslaCrypt ransomware have handed over their master keys in what appears to be a decision to kill off the net menace. An Eset researcher noticed the gradual decline of TeslaCrypt and, posing as a victim, asked the malware authors for a key. The authors surprisingly offered a free master key, and the security wonk quickly produced a free universal decryption tool. TeslaCrypt was used in massive malvertising attacks against visitors to high profile sites. Decryption tools are released periodically as white hats find vulnerabilities, often in a ransomware's implementation of an encryption scheme. This has gradually given way to usage of Cryptxxx as the payload of choice for infected computers.
Victims of the widespread TeslaCrypt ransomware are in luck: security researchers have created a tool that can decrypt files affected by recent versions of the malicious program. However, in April 2015, researchers from Cisco Systems discovered a flaw in the ransomware program that allowed them to create a decryption tool for some of its variants. The number of TeslaCrypt attacks spiked in December and, starting with version 3.0.1 of the program, which appeared in March, all encryption flaws were fixed and the existing decryption tools were rendered ineffective. Researchers from security vendor ESET have recently managed to obtain a copy of TeslaCrypt's master key, allowing them to create a new decryption tool that is capable of recovering files affected by the newer versions of TeslaCrypt (3.0 and higher). On this occasion, one of ESET's analysts contacted the group anonymously, using the official support channel offered to the ransomware victims by TeslaCrypt's operators, and requested the universal master decryption key. The tool can recover TeslaCrypt-encrypted files whose extension was changed to .xxx, .ttt, .micro and .mp3, as well as those whose extension hasn't been modified.
Cisco Systems has fixed four denial-of-service vulnerabilities that attackers could exploit to cause Web Security Appliance (WSA) devices to stop processing traffic correctly. One of the four DoS vulnerabilities fixed Wednesday by Cisco stems from how the OS handles a specific HTTP response code. If this happens, the device will no longer accept new incoming connection requests, Cisco said in an advisory. Another DoS vulnerability is caused by a lack of proper input validation of the packets that make up HTTP POST requests. The flaw can be exploited through specifically crafted HTTP requests and can lead to the proxy process becoming unresponsive and the WSA reloading. In addition to the WSA flaws, Cisco also patched a moderate severity cross-site scripting vulnerability in the Web interface of the Cisco Unified Computing System (UCS) Central Software.
The BoE ordered them to detail steps taken to secure computers connected to the SWIFT bank messaging network, according to insiders who spoke to Reuters. The orders included conducting a 'compliance check' to verify whether they are following security procedures issued by SWIFT after an attack in February saw $81m (£56m) stolen from Bangladesh's central bank. On 13 May, SWIFT issued a notice saying that another instance of a malware-led attack on an institution had emerged, directed at banks' secondary controls. In addition to the two fraud attempts on the SWIFT network, major financial institutions have been targeted recently as part of hacking group Anonymous's Operation Icarus, a hacktivist project protesting the role of banks in global corruption. In 2014, Andrew Gracie, Executive Director, Resolution at the BoE, formally launched a new framework to help identify areas where the financial sector could be vulnerable to sophisticated cyber-attack. This was part of the BoE's response to the Financial Policy Committee's recommendation to test and improve resilience to cyber-attack.
The SWIFT logo is pictured in this photo illustration taken April 26, 2016. REUTERS/Carlo Allegri/Illustration/File Photo

HONG KONG (Reuters) - Hong Kong's central bank has launched a new program to strengthen lenders' ability to protect their critical technology systems after recent attacks by unidentified groups on a global messaging system used by the financial community. The Hong Kong Monetary Authority's latest measure, known as the "Cybersecurity Fortification Initiative (CFI)," plans to raise the level of cybersecurity at banks in Hong Kong through a three-pronged approach and follows similar steps taken by its counterparts from London to Vietnam. They installed malware inside the bank's Dhaka headquarters that hid traces of their attack in a bid to delay discovery so they could access the funds, according to police and private security firms. The theft prompted fresh attacks on other central banks within the region, with Vietnam's Tien Phong Bank saying earlier this week it had interrupted an attempted cyber heist that involved the use of fraudulent SWIFT messages, the same technique at the heart of February's massive theft from the Bangladesh central bank. The Bank of England joined its counterparts in Singapore and the Philippines in asking banks to increase their checks on security systems in the wake of the attacks.
This falls broadly into two categories: crimes committed that relate to computers themselves, or traditional crimes conducted over the internet. The law also covers the creation of malware or anything that can be used to violate the other sections of the law. It could also include offences such as hate crime. Phishing attacks, for example, which involve sending out fraudulent communications with the aim of harvesting the victims' data, are punishable under fraud laws after amendments to the existing law were made in 2005. Identity theft, which simply means impersonating another person using their credentials, can also take place online. This personal information could include passport numbers, bank details or even information as mundane and seemingly innocuous as a name or date of birth.
A hacker group going by the name of Suckfly has been targeting Indian government and commercial organisations by focusing on high-profile individuals and installing spyware on their work networks to access sensitive information. However, a more in-depth analysis led the researchers to discover that the group, which has developed a custom malware called Backdoor.Nidiran, had also been targeting major government and commercial organisations in India. The attacks targeted high-profile targets, including government and commercial organizations. Most notably, when researchers analysed the timing of the instructions sent, they discovered that the hacker group had no activity during weekends. "The nature of the Suckfly attacks suggests that it is unlikely that the threat group orchestrated these attacks on their own. We believe that Suckfly will continue to target organizations in India and similar organizations in other countries in order to provide economic insight to the organization behind Suckfly's operations," DiMaggio said.