A strand of malware designed to hit machines running MacOS is being used in a scheme to target customers at Swiss banks in an attempt to gain access to their accounts.
The malware, discovered by security firm TrendMicro and dubbed OSX_DOK, is a variant of another form of malware used during an ongoing assault on patrons of Swiss banks, where a number of security vulnerabilities have been targeted by attackers. OSX_DOK arrives on a victim’s machine as part of a phishing scheme. It is delivered via email alongside a compromised .zip or .docx file that purports to be either a Mac app or a Microsoft Word document.
WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors.
Secure Shell, or SSH, is a cryptographic network protocol used for logging in to machines and servers remotely and securely over an unsecured network. The two implants are dubbed BothanSpy, which targets the Xshell SSH client on Microsoft Windows, and Gyrfalcon, which targets the OpenSSH client on various Linux distributions.
Windows Fall Creators Update will come with a hefty serving of security upgrades, made timely by the increasingly rampant cyberattacks targeting the platform these days.
Microsoft has revealed how the upcoming major update will level up Windows Defender Advanced Threat Protection, a Win 10 enterprise service that flags early signs of infection. Windows enterprise director Rob Lefferts said the upgrade will use data from Redmond's cloud-based services to create an AI anti-virus that will make ATP much better at preventing cyberattacks.
The major premise justifying Windows 10 S, the new variant of Windows 10 that can only install and run applications from the Windows Store, is that by enforcing such a restriction, Windows 10 S can offer greater robustness and consistency than regular Windows.
For example, apps from the Windows Store can't include unwanted malicious software within their installers, eliminating the bundled spyware that has been a regular part of the Windows software ecosystem. If Windows 10 S can indeed provide much stronger protection against bad actors, then its restrictions represent a reasonable trade-off.
A portion of Microsoft’s Windows 10 source code has leaked online. Files related to Microsoft’s USB, storage, and Wi-Fi drivers in Windows 10 were posted to Beta Archive.
Beta Archive is a site that tracks Windows releases, and asks members to donate money or contribute something Windows-related if they access a free private FTP full of archived Windows builds. The leaked code was published to Beta Archive’s FTP, and is part of Microsoft's Shared Source Kit. “Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners,” reveals a Microsoft spokesperson.
In spite of a flurry of patches designed to fix Windows Defender, at least one security researcher reckons there's still work to be done.
James Lee, who has presented at conferences like Zer0con, has contacted experts to say the key vulnerable component, MsMpEng, is still subject to remote code execution. As with the bugs disclosed by Tavis Ormandy and fellow Project Zero researcher Mateusz Jurczyk, the bugs Lee's outlined to us arise because of insufficient sandboxing. While he hasn't provided full details to us, he's posted two remote code execution proof-of-concept videos at YouTube.
When you're a bad guy breaking into a network, the first problem you need to solve is, of course, getting into the remote system and running your malware on it. But once you're there, the next challenge is usually to make sure that your activity is as hard to detect as possible.
Microsoft has detailed a neat technique used by a group in Southeast Asia that abuses legitimate management tools to evade firewalls and other endpoint-based network monitoring. The group, which Microsoft has named PLATINUM, has developed a system for sending files — such as new payloads to run and new versions of their malware — to compromised machines.
The UK’s Trident submarine fleet is vulnerable to a “catastrophic” cyber-attack that could render Britain’s nuclear weapons useless, according to a report. The report, Hacking UK Trident: A Growing Threat, warns that a successful cyber-attack could “neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads”.
The Ministry of Defence has repeatedly said the operating systems of Britain’s nuclear submarines cannot be penetrated while at sea because they are not connected to the internet at that point. But the report’s authors, the British American Security Information Council, expressed scepticism.
Microsoft has accidentally published a new Windows 10 build for PCs and mobile devices, and it turns out that the release is actually bricking smartphones by pushing them into an infinite reboot loop.
Windows 10 build 16212 was never supposed to go public, but due to an error it was published for insiders in the Fast, Slow, and Release Preview rings, with some reports claiming that even a number of users who weren't participating in the Windows Insider program got it. Those reports are unconfirmed, but if you do receive it, just don't install the new build on your PC. This build indeed pushes phones into a boot loop.
Microsoft has responded to claims that its Windows 10 Enterprise operating system ignores user preferences in Group Policy with the advice that, basically, it does and you shouldn't meddle with it.
On Monday, we revealed that a security researcher had used a packet sniffer to show that many settings designed to prevent access to the internet were being ignored, with connections still being made to a range of third-party servers, including advertising hubs. The security researcher, Mark Burnett, went on to show that with Teredo IPv6 disabled, the system still checks for IPv6 connectivity; with SmartScreen disabled, it still connects; and with telemetry disabled, it still connects.