Viruses and Worms

Quora.com admits data breach affecting 100 million accounts

Sophos Naked Security - 5 December, 2018 - 12:54
Hackers have compromised data from the accounts of 100 million users of question and answer site Quora.com.

Now you, too, can snoop on mobe users from 3G to 5G with a Raspberry Pi and €1,100 of gizmos

The Register - Anti-Virus - 5 December, 2018 - 12:30
Crypto-boffins' paper shows AKA protocol still broken

A protocol meant to protect smartphone users' privacy is vulnerable to fake base station attacks all the way from 3G to 5G, according to a group of international researchers. All the baddies need is a little over €1,100 worth of kit and a laptop.…

Category: Viruses and Worms

Those are NOT your grandchildren! FTC warns of new scam

Sophos Naked Security - 5 December, 2018 - 12:20
Grandkid imposters are managing to finagle a skyrocketing amount of money out of people, the FTC warns.

Could adult content ban spell the end for Tumblr?

Sophos Naked Security - 5 December, 2018 - 11:54
#TumblrIsDead? Tumblr is banning adult content in an effort to be safer, better, “more positive”.

Google Chrome 71 Touts 43 Fixes, Fights Ad Abuse

VirusList.com - 5 December, 2018 - 05:34
The browser comes with a new set of protections to block pop-ups that could lead to 'abusive experiences.'
Category: Viruses and Worms

GOPwned: Republicans fall victim to email hack

The Register - Anti-Virus - 5 December, 2018 - 00:44
NRCC says it was hit in run-up to 2018 mid-term elections

The National Republican Congressional Committee, the Republican Party's campaigning arm in the US, has confirmed it fell victim to hackers, who broke into its email system.…

Category: Viruses and Worms

1-800-Flowers Becomes Latest Payment Breach Victim

VirusList.com - 4 December, 2018 - 22:00
Details are so far scant in this latest in a string of data breaches.
Category: Viruses and Worms

He's not cracked RSA-1024 encryption, he's a very naughty Belarusian ransomware middleman

The Register - Anti-Virus - 4 December, 2018 - 19:15
Dr Shifro pays ransom, gets discount and adds its own margin, says Check Point

A ransomware decryption service has turned out to be – quelle surprise – a Belarusian middleman who simply pays the ransom and adds his own profit margin to the hapless victim's bill.…

Category: Viruses and Worms

Google Patches 11 Critical RCE Android Vulnerabilities

VirusList.com - 4 December, 2018 - 17:56
Google’s December Android Security Bulletin tackles 53 unique flaws.
Category: Viruses and Worms

Quora Breach Exposes a Wealth of Info on 100M Users

VirusList.com - 4 December, 2018 - 15:29
The information is an early Christmas gift for any social engineer.
Category: Viruses and Worms

New paper: Botception: botnet distributes script with bot capabilities

Virus Bulletin News - 4 December, 2018 - 14:39
In a new paper, Avast researchers Jan Sirmer and Adolf Streda look at how a spam campaign sent via the Necurs botnet was delivering the Flawed Ammyy RAT. As well as publishing the paper, we have also released the video of the researchers' VB2018 presentation on the same topic.

Category: Viruses and Worms

Bleichenbacher’s CAT puts another scratch in TLS

Sophos Naked Security - 4 December, 2018 - 14:26
Researchers demonstrate Cache-like ATacks against RSA key exchange.

AirDrop an unwanted nude pic and you could face stiff penalties

Sophos Naked Security - 4 December, 2018 - 13:10
Sending pics of your bits to strangers could get you a year in jail and/or a $1K fine if this NYC bill gets passed.

Zoom patches serious video conferencing bug

Sophos Naked Security - 4 December, 2018 - 13:01
Zoom moved to patch a bug in its service this week that enabled people to hijack customer video conferences.

KoffeyMaker: notebook vs. ATM

Kaspersky Securelist - 4 December, 2018 - 13:00

Despite CCTV and the risk of being caught by security staff, attacks on ATMs using a direct connection — so-called black box attacks — are still popular with cybercriminals. The main reason is the low “entry requirements” for would-be cyber-robbers: specialized sites offer both the necessary tools and how-to instructions.

Kaspersky Lab’s experts investigated one such toolkit, dubbed KoffeyMaker, in 2017-2018, when a number of Eastern European banks turned to us for assistance after their ATMs were quickly and almost freely raided. It soon became clear that we were dealing with a black box attack — a cybercriminal opened the ATM, connected a laptop to the cash dispenser, closed the ATM, and left the crime scene, leaving the device inside. Further investigation revealed the “crime instrument” to be a laptop with ATM dispenser drivers and a patched KDIAG tool; remote access was provided through a connection to a USB GPRS modem. The operating system was Windows, most likely XP, ME, or 7 for better driver compatibility.

ATM dispenser connected to a computer without the necessary drivers

The situation then unfolded according to the usual scenario: the cybercriminal returned at the appointed hour and pretended to use the ATM, while an accomplice remotely connected to the hidden laptop, ran the KDIAG tool, and instructed the dispenser to issue banknotes. The attacker took the money and later retrieved the laptop, too. The whole operation could well be done solo, but the scheme whereby a “mule” handles the cash and ATM side, while a second “jackpotter” provides technical support for a share of the loot, is more common. A single ATM can spit out tens of thousands of dollars, and only hardware encryption between an ATM PC and its dispenser can prevent an attack from occurring.

Overall, the attack was reminiscent of Cutlet Maker, which we described last year, except for the software tools. We were able to reproduce all the steps of KoffeyMaker in our test lab. All the required software was found without too much difficulty. Legitimate tools were used to carry out the attack with the exception of the patched KDIAG utility, which Kaspersky Lab products detect as RiskTool.Win32.DIAGK.a. Note that the same version of this program was previously used by cybercriminals from the Carbanak group.

Hash sums

YARA rule

rule software_zz_patched_KDIAG
{
    meta:
        author = "Kaspersky Lab"
        filetype = "PE"
        date = "2018-04-28"
        version = "1.0"
        hash = "49c708aad19596cca380fd02ab036eb2"
    strings:
        $b0 = { 25 80 00 00 00 EB 13 FF 75 EC }
        $b1 = { EB 1F 8D 85 FC FE FF FF 50 68 7B 2F 00 00 }
        $s0 = "@$MOD$ 040908 0242/0000 CRS1.EXE W32 Copyright (c) Wincor Nixdorf"
    condition:
        ( uint16(0) == 0x5A4D and all of ( $s* ) and all of ( $b* ) )
}
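As an added, defender-side illustration (not code from the Securelist post or from Kaspersky Lab), the following Python re-implements the condition of the YARA rule above against constructed byte buffers, so the role of each term (MZ check, vendor string, patch bytes) can be seen without installing the yara module.

```python
"""Added example, not from the Securelist post: a plain-Python re-implementation
of the software_zz_patched_KDIAG YARA rule's condition, so each term of the
rule can be exercised without the yara module. All sample buffers are
constructed here; none is a real KDIAG binary."""

# Indicators copied from the rule's $b0, $b1 (hex) and $s0 (ASCII) strings.
HEX_PATTERNS = {
    "$b0": "25 80 00 00 00 EB 13 FF 75 EC",
    "$b1": "EB 1F 8D 85 FC FE FF FF 50 68 7B 2F 00 00",
}
S0 = b"@$MOD$ 040908 0242/0000 CRS1.EXE W32 Copyright (c) Wincor Nixdorf"


def hex_pattern_to_bytes(pattern: str) -> bytes:
    """Turn a YARA-style hex string ('25 80 00 ...') into raw bytes.
    Assumes plain hex tokens only; this rule uses no '??' wildcards."""
    return bytes(int(tok, 16) for tok in pattern.split())


def matches_patched_kdiag(data: bytes) -> dict:
    """Evaluate every term of the rule's condition and return them by name.

    YARA condition: uint16(0) == 0x5A4D and all of ($s*) and all of ($b*)
    """
    terms = {
        # uint16(0) reads little-endian, so the 'MZ' PE signature is 0x5A4D.
        "mz_header": len(data) >= 2 and int.from_bytes(data[:2], "little") == 0x5A4D,
        "$s0": S0 in data,
    }
    for name, pattern in HEX_PATTERNS.items():
        terms[name] = hex_pattern_to_bytes(pattern) in data
    terms["match"] = all(terms.values())
    return terms


B0 = hex_pattern_to_bytes(HEX_PATTERNS["$b0"])
B1 = hex_pattern_to_bytes(HEX_PATTERNS["$b1"])
# Constructed: PE-like header plus all three indicators -> rule fires.
SAMPLE_HIT = b"MZ" + b"\x90" * 64 + B0 + b"\x00" * 8 + S0 + b"\x00" * 8 + B1
# Constructed: vendor string and $b0 present but no $b1 patch bytes -> no match,
# i.e. a build without both patch sequences is not flagged by this rule.
SAMPLE_MISS = b"MZ" + b"\x90" * 64 + S0 + B0
# Constructed: all indicators present but not a PE (no MZ header) -> no match.
SAMPLE_TEXT = S0 + B0 + B1

if __name__ == "__main__":
    for label, buf in (("hit", SAMPLE_HIT), ("miss", SAMPLE_MISS), ("text", SAMPLE_TEXT)):
        print(label, matches_patched_kdiag(buf))
```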

‘Iceman’ hacker charged with running drone-smuggling ring from jail

Sophos Naked Security - 4 December, 2018 - 12:58
Max Ray Vision says he's innocent of owning the phone used to orchestrate the scheme and ripping off debit cards to fund the drone purchase.

Magecart Group Ups Ante: Now Goes After Admin Credentials

VirusList.com - 4 December, 2018 - 12:00
The group's skimmer has added some capabilities that steal credentials from admins.
Category: Viruses and Worms

Kaspersky Security Bulletin 2018. Statistics

Kaspersky Securelist - 4 December, 2018 - 11:00

All the statistics used in this report were obtained using Kaspersky Security Network (KSN), a distributed antivirus network that works with various anti-malware protection components. The data was collected from KSN users who agreed to provide it. Millions of Kaspersky Lab product users from 213 countries and territories worldwide participate in this global exchange of information about malicious activity. All the statistics were collected from November 2017 to October 2018.

The year in figures
  • 30.01% of user computers were subjected to at least one Malware-class web attack over the year.
  • Kaspersky Lab solutions repelled 1 876 998 691 attacks launched from online resources located all over the world.
  • 554 159 621 unique URLs were recognized as malicious by web antivirus components.
  • Kaspersky Lab’s web antivirus detected 21 643 946 unique malicious objects.
  • 765 538 computers of unique users were targeted by encryptors.
  • 5 638 828 computers of unique users were targeted by miners.
  • Kaspersky Lab solutions blocked attempts to launch malware capable of stealing money via online banking on 830 135 devices.

Yet another mega-leak: 100 million Quora accounts compromised by system invaders

The Register - Anti-Virus - 4 December, 2018 - 08:01
Passwords should be safe, but reset just in case

Someone's taken a wander through the systems of question-and-answer website Quora, pilfering account details of 100 million users.…

Category: Viruses and Worms

Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit

The Register - Anti-Virus - 4 December, 2018 - 01:23
No reason to panic, apparently: Redoing login details to become a regular thing

Citrix says there is no reason to panic after it asked customers to reset their passwords on its Sharefile service.…

Category: Viruses and Worms
Syndicate content