
New Trojan Attacks Point-Of-Sale Systems Seeking Card Info

There’s a new piece of malware to worry about called “Neutrino,” and it represents an especially troubling development. It’s a fork of an older, well-developed banking Trojan called “Zeus,” and its designers have gone to great lengths to make sure that it remains undetected for as long as possible so it has more time to do its work. Unlike its parent, this one is designed to infect Point-Of-Sale (POS) systems where it harvests credit card data to send back to its controller.

One of the main things that makes Neutrino so difficult to spot is that once it infects a target system, it goes into an extended hibernation, so as to throw antivirus software and other security scans off its scent. After its specified hibernation period ends, it wakes up and contacts its Command and Control server, run by the software’s controller.

Among other things, Neutrino can:

• Make screenshots
• Search processes by name
• Search files by name on any infected host and send them back to the C&C Server
• Download and execute files sent from the C&C Server, either to spread the infection, or to cause damage to the system
• Change registry branches

To steal credit card information, it searches the memory pages for the strings “Track1” and “Track2,” which contain the information normally held by the magnetic stripe on the credit cards run through the system, and collects that information.

Once it has this data, it’s a simple matter to send it back to the C&C Server at whatever interval the hacker has specified.
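A defender can run the same kind of search over POS application logs and crash dumps to confirm that no cleartext stripe data is left on disk. The Python below is an added example, not code from the article or from the researchers it cites; the function names are illustrative, the sample log is constructed, and the layouts assumed are the standard ISO/IEC 7813 Track 1 and Track 2 formats.

```python
import re

# ISO/IEC 7813 stripe layouts (sentinels, PAN, expiry YYMM, 3-digit service code):
#   Track 1: %B<PAN>^<NAME>^<YYMM><SVC><discretionary>?
#   Track 2: ;<PAN>=<YYMM><SVC><discretionary>?
TRACK1 = re.compile(rb"%B(\d{12,19})\^[^^\r\n]{2,26}\^(\d{4})\d{3}[^?\r\n]*\?")
TRACK2 = re.compile(rb";(\d{12,19})=(\d{4})\d{3}\d*\?")

# Constructed sample log using the public test number 4111111111111111.
SAMPLE = (
    b"2017-06-01 txn ok\n"
    b"%B4111111111111111^DOE/JANE^20121010000000000?\n"
    b";4111111111111111=20121010000000000?\n"
    b"order ;1234567890123456=20121010000? end\n"  # right layout, fails Luhn
)

def luhn_ok(pan: bytes) -> bool:
    """Luhn checksum: rejects digit runs that only look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - 48  # ASCII digit to int
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: bytes) -> str:
    """Keep first six and last four digits so the report holds no full PAN."""
    s = pan.decode()
    return s[:6] + "*" * (len(s) - 10) + s[-4:]

def find_track_data(buf: bytes):
    """Return (kind, byte offset, masked PAN) for each plausible stripe record."""
    findings = []
    for kind, rx in (("track1", TRACK1), ("track2", TRACK2)):
        for m in rx.finditer(buf):
            pan, expiry = m.group(1), m.group(2)
            # Layout match alone is noisy: require Luhn and a real month.
            if luhn_ok(pan) and 1 <= int(expiry[2:]) <= 12:
                findings.append((kind, m.start(), mask(pan)))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for kind, offset, pan in find_track_data(SAMPLE):
        print(f"{kind} at byte {offset}: {pan}")
```

Any hit in a log, temp file or dump means the POS software is writing stripe data in the clear, which is exactly what a memory or file scraper is looking for.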

According to researchers at Kaspersky Lab, for the moment, the largest concentration of infections is in Russia and Kazakhstan, but that could change in the blink of an eye.

At present, companies that sell antivirus software are working to update their databases to detect this latest threat, but of course, that’s an uphill battle. The hackers will merely create a new, undetectable variant, and the cycle will continue. For now, just be advised that there’s yet another threat to worry about, and stay on your guard.

Used with permission from Article Aggregator

Linux Gets Its Own Wannacry-like Variant

If you thought we’d seen the last of the Wannacry ransomware, think again. Recently, a new threat has been discovered that targets Linux users.

It should be noted up front that “SambaCry” is not a variant strain of the aforementioned ransomware, but rather, a security flaw in Linux that mirrors the one Wannacry used to exploit Windows-based systems. The vulnerability, officially named CVE-2017-7494, was dubbed SambaCry because of those similarities.

Normally, Linux users avoid the kinds of security issues that plague Windows-based machines, but this is a bit of a different case, and here’s why:

There’s a Linux service called Samba Server Service which provides SMB/CIFS capabilities in Linux and Unix-based systems. While it’s true that Linux can use any number of file sharing protocols, Samba is often used in environments featuring a mix of Linux and Windows PCs, because Windows PCs have a hard time dealing with Network File System Shares coming from machines running other OS’s.

When a Linux server is running Samba, some folders (called CIFS Shares) will appear as a network folder to Windows users.

The security flaw allowed a remote user to send executable code to the server hosting the share, including code which could encrypt a file system and hold it for ransom.

As you might expect, the Linux crowd treated this as a top priority and has already moved to patch the flaw.

The long and the short of it is simply that if you’re running a Linux server and using Samba, you’re probably vulnerable unless you’ve downloaded and applied the latest security patch. If you haven’t, you should do so immediately.

While Linux users have been fortunate to have suffered relatively fewer critical security flaws, this is a painful reminder that as good as the OS is, it’s not bullet proof.


Some Intel Processors Could Crash Systems With Hyperthreading Enabled

If you’re using a machine with a Skylake or Kaby Lake Intel processor, you should know that under certain conditions, it may be prone to crashing if hyperthreading is enabled.

The problem was never formally announced, mostly because what bug reports were released on the topic were spotty and inconsistent. So far, at least, no one seems to be able to pin down what the precise conditions are that cause the crash, resulting in a small subset of bug reports that are highly inconsistent and paint an unclear picture of exactly what the root of the problem is.

In any case, there are three things to note.

Linux users are in luck. Microcode updates are available that address the issue on those machines.

Windows 10 users are out of luck, at least so far. The latest Wintel Microcode updates don’t seem to include the fix, and there’s been no mention, at least to this point, of when that might change.

That brings us to the third major point. For the time being, if you’re using a Wintel machine with either of the processors mentioned above, the best way to ensure you don’t have to worry about the crash problem is to disable hyperthreading.

On the other hand, the crash bug has only happened in a few, widely scattered cases, as evidenced by the spotty and inconsistent bug reports surrounding the issue.

Because of this, many, if not most users will likely opt to simply do nothing and take their chances. In any case, being forewarned is being forearmed. Even though the crash bug is quite rare, it’s better to know about it and know the decisive fix (at least until a more permanent, Microcode fix is released), so you can make an informed decision as opposed to being caught unaware.


Why Do Ransomware Attacks Continue To Rise?

The total number of ransomware attacks has seen a massive spike, with nearly 50 percent more attacks against PCs occurring this year than last year. In the same time period, ransomware attacks against mobile devices fell marginally from 137,000 by this point last year to 130,000 this year. However, those numbers are tiny compared to the number of PC-targeted attacks and do little to stem the rising tide.

While there are a number of factors driving the surge, the biggest of these is also one of the simplest: profit. Ransomware is increasingly easy to make, difficult to detect and even more difficult to defend against.

A significant percentage of those infected don’t have good, recent backups in place, and have little choice but to pay the piper and hope the hackers will play fair and restore their files. Even a modestly successful ransomware attack can net the hacker launching it thousands of dollars, and there’s very little in the way of risk or downside.

In addition, hackers are beginning to unite. They’re forming large organizations with tremendous bench strength and a wide range of skills that enable them to constantly improve their software, making attacks even more effective. This is a recipe for disaster that guarantees the number of such attacks will only continue to climb.

A single hacker would find it virtually impossible to launch a globe-spanning attack like the recent Wannacry, or the even more recent Petya attacks. This type of attack takes a robust organization, planning and coordination to pull off successfully, and is a sign of things to come.

Not to say that individual rogue hackers won’t continue to be a presence online, but more and more, attacks are being orchestrated by increasingly well-heeled organizations, and that could spell big problems as time goes by. It also virtually guarantees that next year will see even more attacks of all types (including ransomware attacks) than this year.


Social Media Data Helping To Predict Violent Threats

A new study conducted by Cardiff University provides some insights about the power of social media that are both surprising and completely expected in the same moment.

The study focused on Twitter and using tweets to help identify dangerous situations, with the goal being to learn if social media trends could be used to identify potentially dangerous developing situations faster than police reports, which have been the longstanding standard.

It turns out that the answer is a resounding yes.

The researchers combined a dataset of 1.6 million tweets from the London riots in 2011 with a machine learning algorithm which automatically scans Twitter for potential threats. The three primary variables taken into account were street name, time of tweet and key words, which vary from one situation to the next, depending on what someone is looking for.

The results from the Cardiff research were confirmation that data drawn from Twitter can predict violent threats up to an hour faster than conventional methods that rely on police reports and official data sources.

The fact that social media is so much faster is a bit surprising. On the other hand, there are some companies in business today selling their ability to do that very thing, which is what makes the results less of a surprise and more of a confirmation. After all, if these companies weren’t successful at making predictions using something close to real time social media data mining, then they wouldn’t still be in business.

The lesson to be learned here is simple. We’re getting increasingly adept at handling very large datasets, and that data can be mined in real time (or close to real time) to produce actionable intelligence.

The same algorithm that can be used to predict violent outbursts in a large city can be tweaked for use by businesses to provide a variety of intelligence. If it’s not something you’ve considered before, now is the time to factor it into your thinking.


New Vulnerability Found In Skype That Could Allow Hackers Access

If you’re one of the millions of Skype users around the world, check to see what version you’re using. If you haven’t upgraded to the latest build, you’re at risk.

Recently, a new vulnerability came to light that allows hackers to take advantage of a security flaw in the software’s clipboard function that could spell big trouble for you.

The vulnerability works like this:

A hacker creates a poisoned image file, and then copies and pastes it from the computer’s clipboard into a Skype message window.

Once the image has been loaded onto the clipboard on both the hacker’s machine and the recipient’s, Skype experiences a stack overflow error which causes the application to crash. When that happens, it opens the door, enabling the hacker to execute additional, more damaging or compromising exploits that could lead to a complete loss of control of your system.

The worst part of all is that no user interaction is required for the hacker to create the conditions by which the additional attacks can be made against the target computer.

Microsoft, which bought Skype in 2011, rated this as a high-security risk vulnerability, with a 7.2 CVSS score. It affects versions 7.2, 7.35, and 7.36 of the messaging software on Windows XP, Windows 7 and Windows 8.

Fortunately, the company patched the vulnerability in Skype v7.37, so if it’s been a while since you’ve upgraded, now is the time.

This is an especially problematic vulnerability because of the sheer popularity of Skype as a messaging platform. Not only is it used by millions of people around the world, but it’s becoming an increasingly popular communications tool in the enterprise setting.

As ever, vigilance is the order of the day, and one of the keys to remaining vigilant is to make sure all the software on your various devices is up to date and fully patched.


New Survey Shows Alarming Trends In Cybersecurity For Businesses

A new survey released by Guidance Software reveals some disturbing trends about the state of cyber security. The survey asked 330 IT and digital security professionals questions about cyber-attacks and their impact on the organizations they serve.

The biggest news was in how many organizations reported that they’d been the victims of a malware attack so far this year, with fully 65 percent reporting in the affirmative. That’s up from 56 percent this same time last year.

Worse, nearly a quarter (23 percent) of respondents indicated that they’d been the victim of a ransomware attack, with nine percent admitting to having paid the ransom to get their files restored. This is significant, because in last year’s survey, none of the respondents indicated having paid a ransom. What’s worse is that nearly half (48 percent) indicated certainty that they’d be hit by a ransomware attack sometime in 2017.

In terms of losses, a quarter of those surveyed indicated that their firms had suffered financially as a direct result of successful attacks over the past year. Of those, 20 percent indicated losses in excess of a million dollars.

Also of interest were the things IT professionals listed as their biggest challenges, with 35 percent citing proper risk assessment, 34 percent citing policy enforcement and 31 percent citing managing the complexity of digital security in general.

To anyone in IT, all three of these challenges will ring familiar. They are persistent hobgoblins that have plagued the industry for years, and unfortunately, that doesn’t show any sign of changing soon.

The silver lining for you as a business owner is knowing that these are the most often cited challenges faced by IT staff. You can assess your own department and begin making the changes necessary to help reduce the impact of all three.

Budgetary constraints may prevent you from solving them outright, but armed with these survey results, you can certainly begin making steady, incremental improvements. Your IT staff will love you for it.


Can Your Car Be Hacked Just With A USB Stick?

Jay Turla has been a very busy man since purchasing his new Mazda vehicle. He’s been spending time researching hacks to his car’s infotainment system, and as with most other “smart” products on the market today, he’s finding the system incredibly easy to break into.

He’s not alone. In fact, a whole online community has grown up around the idea of hacking various models of Mazda cars.

A variety of security researchers have confirmed what the online community has known for more than three years. Mazda’s infotainment system contains a raft of bugs that make it incredibly easy to hack the system. In fact, the online community has even built an app that automates the process.

Turla started with the app and began making tweaks and changes to see exactly what he could accomplish in terms of hacking his car. His key finding? All he had to do was plug a USB stick into the car. Once that was done, the scripts would execute automatically and begin making changes.

On the surface of it, that sounds pretty bad, and it certainly underscores the ongoing problem with today’s smart devices – they’re incredibly easy to hack and very few product manufacturers have expressed much interest in providing better security for the devices they make. Mazda is a classic example of this very phenomenon; remember, these bugs have been well-known for more than three years!

From a practical standpoint, though, the ability to easily hack the car’s infotainment system isn’t as bad as it could be. You can’t, for example, use these hacks to auto-start the car, or change any of the critical settings…at least not yet.

While Mazda insists that it’s not possible to impact anything but the car’s infotainment system, the hacking community isn’t convinced. Neither is Turla, who says he plans to continue his research to see just how far he can take his automated hacks.

This is certainly no reason not to buy a Mazda, but it’s something to keep in mind, and here’s hoping that at some point, manufacturers of smart devices start taking security more seriously.
