Viruses and Worms

admits data breach affecting 100 million accounts

Sophos Naked Security - 5 December, 2018 - 12:54
Hackers have compromised data from the accounts of 100 million users of question and answer site

Now you, too, can snoop on mobe users from 3G to 5G with a Raspberry Pi and €1,100 of gizmos

The Register - Anti-Virus - 5 December, 2018 - 12:30
Crypto-boffins' paper shows AKA protocol still broken

A protocol meant to protect smartphone users' privacy is vulnerable to fake base station attacks all the way from 3G to 5G, according to a group of international researchers. All the baddies need is a little over €1,100 worth of kit and a laptop.…

Category: Viruses and Worms

Those are NOT your grandchildren! FTC warns of new scam

Sophos Naked Security - 5 December, 2018 - 12:20
Grandkid imposters are managing to finagle a skyrocketing amount of money out of people, the FTC warns.

Could adult content ban spell the end for Tumblr?

Sophos Naked Security - 5 December, 2018 - 11:54
#TumblrIsDead? Tumblr is banning adult content in an effort to be safer, better, “more positive”.

Google Chrome 71 Touts 43 Fixes, Fights Ad Abuse - 5 December, 2018 - 05:34
The browser comes with a new set of protections to block pop-ups that could lead to 'abusive experiences.'
Category: Viruses and Worms

GOPwned: Republicans fall victim to email hack

The Register - Anti-Virus - 5 December, 2018 - 00:44
NRCC says it was hit in run-up to 2018 mid-term elections

The National Republican Congressional Committee, the Republican Party's campaigning arm in the US, has confirmed it fell victim to hackers, who broke into its email system.…

Category: Viruses and Worms

1-800-Flowers Becomes Latest Payment Breach Victim - 4 December, 2018 - 22:00
Details are so far scant in this latest in a string of data breaches.
Category: Viruses and Worms

He's not cracked RSA-1024 encryption, he's a very naughty Belarusian ransomware middleman

The Register - Anti-Virus - 4 December, 2018 - 19:15
Dr Shifro pays ransom, gets discount and adds its own margin, says Check Point

A ransomware decryption service has turned out to be – quelle surprise – a Belarusian middleman who simply pays the ransom and adds his own profit margin to the hapless victim's bill.…

Category: Viruses and Worms

Google Patches 11 Critical RCE Android Vulnerabilities - 4 December, 2018 - 17:56
Google’s December Android Security Bulletin tackles 53 unique flaws.
Category: Viruses and Worms

Quora Breach Exposes a Wealth of Info on 100M Users - 4 December, 2018 - 15:29
The information is an early Christmas gift for any social engineer.
Category: Viruses and Worms

New paper: Botception: botnet distributes script with bot capabilities

Virus Bulletin News - 4 December, 2018 - 14:39
In a new paper, Avast researchers Jan Sirmer and Adolf Streda look at how a spam campaign sent via the Necurs botnet was delivering the Flawed Ammyy RAT. As well as publishing the paper, we have also released the video of the researchers' VB2018 presentation on the same topic.

Category: Viruses and Worms

Bleichenbacher’s CAT puts another scratch in TLS

Sophos Naked Security - 4 December, 2018 - 14:26
Researchers demonstrate Cache-like ATacks against RSA key exchange.

AirDrop an unwanted nude pic and you could face stiff penalties

Sophos Naked Security - 4 December, 2018 - 13:10
Sending pics of your bits to strangers could get you a year in jail and/or a $1K fine if this NYC bill gets passed.

Zoom patches serious video conferencing bug

Sophos Naked Security - 4 December, 2018 - 13:01
Zoom moved to patch a bug in its service this week that enabled people to hijack customer video conferences.

KoffeyMaker: notebook vs. ATM

Kaspersky Securelist - 4 December, 2018 - 13:00

Despite CCTV and the risk of being caught by security staff, attacks on ATMs using a direct connection — so-called black box attacks — are still popular with cybercriminals. The main reason is the low “entry requirements” for would-be cyber-robbers: specialized sites offer both the necessary tools and how-to instructions.

Kaspersky Lab’s experts investigated one such toolkit, dubbed KoffeyMaker, in 2017-2018, when a number of Eastern European banks turned to us for assistance after their ATMs were quickly and almost freely raided. It soon became clear that we were dealing with a black box attack — a cybercriminal opened the ATM, connected a laptop to the cash dispenser, closed the ATM, and left the crime scene, leaving the device inside. Further investigation revealed the “crime instrument” to be a laptop with ATM dispenser drivers and a patched KDIAG tool; remote access was provided through a connection to a USB GPRS modem. The operating system was Windows, most likely XP, ME, or 7 for better driver compatibility.

ATM dispenser connected to a computer without the necessary drivers

The situation then unfolded according to the usual scenario: the cybercriminal returned at the appointed hour and pretended to use the ATM, while an accomplice remotely connected to the hidden laptop, ran the KDIAG tool, and instructed the dispenser to issue banknotes. The attacker took the money and later retrieved the laptop, too. The whole operation could well be done solo, but the scheme whereby a “mule” handles the cash and ATM side, while a second “jackpotter” provides technical support for a share of the loot, is more common. A single ATM can spit out tens of thousands of dollars, and only hardware encryption between an ATM PC and its dispenser can prevent an attack from occurring.

Overall, the attack was reminiscent of Cutlet Maker, which we described last year, except for the software tools. We were able to reproduce all the steps of KoffeyMaker in our test lab. All the required software was found without too much difficulty. Legitimate tools were used to carry out the attack with the exception of the patched KDIAG utility, which Kaspersky Lab products detect as RiskTool.Win32.DIAGK.a. Note that the same version of this program was previously used by cybercriminals from the Carbanak group.

Hash sums

KDIAG, incl. patched files


YARA rule

rule software_zz_patched_KDIAG
{
    meta:
        author = "Kaspersky Lab"
        filetype = "PE"
        date = "2018-04-28"
        version = "1.0"
        hash = "49c708aad19596cca380fd02ab036eb2"

    strings:
        $b0 = { 25 80 00 00 00 EB 13 FF 75 EC }
        $b1 = { EB 1F 8D 85 FC FE FF FF 50 68 7B 2F 00 00 }
        $s0 = "@$MOD$ 040908 0242/0000 CRS1.EXE W32 Copyright (c) Wincor Nixdorf"

    condition:
        ( uint16(0) == 0x5A4D and all of ( $s* ) and all of ( $b* ) )
}

‘Iceman’ hacker charged with running drone-smuggling ring from jail

Sophos Naked Security - 4 December, 2018 - 12:58
Max Ray Vision says he's innocent of owning the phone used to orchestrate the scheme and ripping off debit cards to fund the drone purchase.

Magecart Group Ups Ante: Now Goes After Admin Credentials - 4 December, 2018 - 12:00
The group's skimmer has added capabilities that steal credentials from admins.
Category: Viruses and Worms

Kaspersky Security Bulletin 2018. Statistics

Kaspersky Securelist - 4 December, 2018 - 11:00

All the statistics used in this report were obtained using Kaspersky Security Network (KSN), a distributed antivirus network that works with various anti-malware protection components. The data was collected from KSN users who agreed to provide it. Millions of Kaspersky Lab product users from 213 countries and territories worldwide participate in this global exchange of information about malicious activity. All the statistics were collected from November 2017 to October 2018.

The year in figures
  • 30.01% of user computers were subjected to at least one Malware-class web attack over the year.
  • Kaspersky Lab solutions repelled 1 876 998 691 attacks launched from online resources located all over the world.
  • 554 159 621 unique URLs were recognized as malicious by web antivirus components.
  • Kaspersky Lab’s web antivirus detected 21 643 946 unique malicious objects.
  • 765 538 computers of unique users were targeted by encryptors.
  • 5 638 828 computers of unique users were targeted by miners.
  • Kaspersky Lab solutions blocked attempts to launch malware capable of stealing money via online banking on 830 135 devices.


Yet another mega-leak: 100 million Quora accounts compromised by system invaders

The Register - Anti-Virus - 4 December, 2018 - 08:01
Passwords should be safe, but reset just in case

Someone's taken a wander through the systems of question-and-answer website Quora, pilfering account details of 100 million users.…

Category: Viruses and Worms

Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit

The Register - Anti-Virus - 4 December, 2018 - 01:23
No reason to panic, apparently: Redoing login details to become a regular thing

Citrix says there is no reason to panic after it asked customers to reset their passwords on its Sharefile service.…

Category: Viruses and Worms