A massive cryptocurrency mining botnet has taken over half a million machines and may have made its cybercriminal controllers millions of dollars - and the whole operation is powered by EternalBlue, the leaked NSA exploit which made the WannaCry ransomware outbreak so destructive.
The Smominru miner botnet turns infected machines into miners of the Monero cryptocurrency and is believed to have made its owners around $3.6 million since it started operating in May 2017 - about a month after EternalBlue leaked and around the same time as the WannaCry attack.Read more
Facial recognition systems appear to be the next big thing on our devices, be they smartphones or laptops, and naturally, security researchers and users alike tried to determine whether these are more secure than the typical password or the fingerprint sensors they often replace.
In the case of the iPhone X, Apple’s new smartphone that comes with a facial recognition system called Face ID, researchers have managed to unlock the device with a specially-crafted mask. A number of users have demonstrated that lookalike people or siblings could also bypass Face ID to get access to the home screen, raising questions as to how secure the iPhone X facial recognition system really is.Read more
If you are running Windows 10 on your PC, then there are chances that your computer contains a pre-installed 3rd-party password manager app that lets attackers steal all your credentials remotely. Starting from Windows 10 Anniversary Update, Microsoft added a new feature called Content Delivery Manager that silently installs new "suggested apps" without asking for users’ permission.
According to a blog post published Friday on Chromium Blog, Google Project Zero researcher Tavis Ormandy said he found a pre-installed famous password manager, called "Keeper," on his freshly installed Windows 10 system which he downloaded directly from the Microsoft Developer Network.Read more
An aggressive and sophisticated malware campaign is currently underway, targeting Linux and Windows servers with an assortment of exploits with the goal of installing malware that mines the Monero cryptocurrency.
The campaign was detected by security researchers from F5 Networks, who named it Zealot, after zealot.zip, one of the files dropped on targeted servers. According to Maxim Zavodchik and Liron Segal, two security researchers for F5 Networks, the attackers are scanning the Internet for particular servers and using two exploits, one for Apache Struts and one for the DotNetNuke ASP.NET CMS, to get a foothold on unpatched machines.Read more
Windows 7 users are reporting problems checking for updates through Windows Update and Microsoft Update. The root of the problem may be an expiration date that Microsoft needs to fix on its side, noted experts earlier today.
A Microsoft Answers thread for those hit by the Windows Update Error 80248015 -- which began at some point on December 3 -- is growing. I've also seen some with Windows Server 2008 reporting this same problem on Twitter. I am one of those affected on my desktop Dell PC that's running Windows 7 SP1. The message I am seeing is "Windows could not search for new updates."Read more
A researcher is warning that a programming error in the Microsoft Windows kernel might inhibit security software vendors and kernel developers from properly identifying modules loaded during runtime, including potentially malicious files. However, Microsoft does not view the issue as a security threat.
According to Omri Misgav, security researcher at enSilo, the bug affects all Windows operating systems from Windows 2000 to Windows 10. Specifically, the flaw pertains to a security mechanism called PsSetLoadImageNotifyRoutine, which provides notifications when PE image files are loaded in runtime to virtual memory space.Read more
A strand of malware designed to hit machines running MacOS is being used in a scheme to target customers at Swiss banks in an attempt to gain access to their accounts.
The malware, discovered by security firm TrendMicro and dubbed OSX_DOK, is a variant of another form of malware used during an ongoing assault on patrons of Swiss banks, where a number of security vulnerabilities have been targeted by attackers. OSX_DOK arrives on a victim’s machine as part of a phishing scheme. It is delivered via email alongside a compromised .zip or .docx file that purports to be either a Mac app or a Microsoft Word document.Read more
WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors.
Secure Shell or SSH is a cryptographic network protocol used for remote login to machines and servers securely over an unsecured network. Dubbed BothanSpy — implant for Microsoft Windows Xshell client, and Gyrfalcon — targets the OpenSSH client on various distributions of Linux OS.Read more
Windows Fall Creators Update will come with a hefty serving of security upgrades, made timely by the increasingly rampant cyberattacks targeting the platform these days.
Microsoft has revealed how the upcoming major update will level up Windows Defender Advanced Threat Protection, a Win 10 enterprise service that flags early signs of infection. Windows enterprise director Rob Lefferts said the upgrade will use data from Redmond's cloud-based services to create an AI anti-virus that will make ATP much better at preventing cyberattacks.Read more
The major premise justifying Windows 10 S, the new variant of Windows 10 that can only install and run applications from the Windows Store, is that by enforcing such a restriction, Windows 10 S can offer greater robustness and consistency than regular Windows.
For example, apps from the Windows Store can't include unwanted malicious software within their installers, eliminating the bundled spyware that has been a regular part of the Windows software ecosystem. If Windows 10 S can indeed provide much stronger protection against bad actors then its restrictions represent a reasonable trade-off.Read more
110 Reykjavik, Iceland