Posts

Trojan malware is back and it's the biggest hacking threat to your business

  Old school but effective, hackers are shifting away from in-your-face ransomware to attacks that are much more subtle. Trojan malware attacks against business targets have rocketed in the last year, as cyber criminals alter their tactics away from short-term gain and in-your-face ransomware attacks towards more subtle, long-term campaigns with the aim of stealing information including banking information, personal data and even intellectual property. Figures from security company Malwarebytes Labs in a new report suggest that trojan and backdoor attacks have risen to become the most detected against businesses – and the number of trojan attacks has more than doubled in the last year, increasing by 132 percent between 2017 and 2018, with backdoors up by 173 percent. Malwarebytes classifies trojans and backdoors separately, describing a trojan as a program "that claim to perform one function but actually do another". Meanwhile, a backdoor is defined as "a type of

Over 87GB of email addresses and passwords exposed in Collection 1 dump

  An 87GB dump of email addresses and passwords containing almost 773 million unique addresses and just under 22 million unique passwords has been found. Almost 773 million unique email addresses and just under 22 million unique passwords were found to be hosted on cloud service MEGA. In a blog post, security researcher Troy Hunt said the collection totalled over 12,000 separate files and more than 87GB of data. The data, dubbed Collection #1, is a set of email addresses and passwords totalling 2,692,818,238 rows that has allegedly come from many different sources. "What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago," Hunt wrote. "In short, if you're in this breach, one or more passwords you've previously used are floating around for others to see." Some passwords, including his own, have been "dehashed", that is converted back to plain text. H

All the flash-y new storage technologies showcased at CES 2019

  Higher densities and new storage technologies for specialized use cases were unveiled at CES 2019. Manufacturers of traditional hard drives and flash storage solutions outlined their product roadmaps at CES 2019. While some new products are expected to ship as early as this quarter, others are simply proof-of-concept devices requiring refinement before hitting store shelves. Here is a pick of the most important storage announcements made at CES this year. SanDisk SanDisk introduced the new SanDisk Extreme PRO Portable SSD, which connects to devices using either USB-A or USB-C 3.1 Gen 2. Internally, the drive uses an NVMe to USB bridge, allowing for speeds up to 1 GB/s. The Extreme PRO uses a ruggedized shell similar to the standard Extreme Portable SSD, which uses a slower SATA to USB bridge. The newly announced variant opts for an aluminium shell to better dissipate heat from the SSD. The Extreme PRO Portable SSD will be available in 512 GB, 1 TB, and 2 TB capacities. SanDisk also demons

Windows 10 finally overtakes Windows 7 as favorite desktop OS

  The turning point was flagged by web traffic analytics firm Net Applications, whose NetMarketShare figures showed Windows 10's market share on desktop and laptop PCs passing Windows 7 in December 2018. More than three years after its launch, Windows 10 has finally overtaken its predecessor Windows 7 in terms of popularity. The turning point was flagged by web traffic analytics firm Net Applications, whose NetMarketShare figures showed Windows 10's market share on desktop and laptop PCs overtaking Windows 7 for the first time in December 2018. In that month, 39.22% of all Windows PCs were running Windows 10 and 36.90% were running Windows 7, according to the NetMarketShare figures. Overall, Windows was by far the most popular desktop OS, with 86.2% market share. In the middle of last year, Microsoft said that Windows 10 was running on nearly 700 million devices each month. That figure didn't just include PCs, but also tablets, phones, and Xbox consoles. While Microsoft i

D3c3mb3r hackers exploit ThinkPHP flaw to hack thousands of Chinese websites

  A hacker group named D3c3mb3r has been found exploiting the vulnerability in the wild. Another hacker group was also found exploiting the vulnerability to infect servers with the Miori malware. A bug in the ThinkPHP framework has left over 45,000 websites open to a barrage of attacks. Hackers have been exploiting the bug to gain access to web servers. According to the attacks began after a Chinese cybersecurity firm, VulnSpy, posted a proof-of-concept (PoC) of the exploit for ThinkPHP on ExploitDB - a popular website that hosts free exploit code. The PoC points out that by exploiting the vulnerability, attackers could execute malicious code on the underlying server. "The PoC was published on December 11, and we saw internet-wide scans le

Thousands of Jenkins servers will let anonymous users become admins

  Two vulnerabilities discovered and patched over the summer expose Jenkins servers to mass exploitation. Thousands, if not more, Jenkins servers are vulnerable to data theft, takeover, and cryptocurrency mining attacks. This is because hackers can exploit two vulnerabilities to gain admin rights or log in using invalid credentials on these servers. Both vulnerabilities were discovered by security researchers from CyberArk, were privately reported to the Jenkins team, and received fixes over the summer. But despite patches for both issues, there are still thousands of Jenkins servers available online. Jenkins is a web application for continuous integration built in Java that allows development teams to run automated tests and commands on code repositories based on test results, and even automate the process of deploying new code to production servers. Jenkins is a popular component in many companies' IT infrastructure and these servers are very popular with both freelancers and

Microsoft Edge: What went wrong, what's next

  Microsoft's grand browser experiment flopped in the marketplace, so the company is turning to an unlikely successor: the open-source Chromium project. Can it succeed where EdgeHTML failed? Microsoft today confirmed the rumors that have been swirling all week. As part of a sweeping change to one of the flagship components of Windows 10, it will rebuild its Microsoft Edge browser from the ground up, ripping out its proprietary EdgeHTML rendering engine and replacing it with the open-source Chromium code base. Yes, that Chromium. The same one that's at the heart of archrival Google's Chrome browser. Mary Jo Foley has the details here: "Microsoft's Edge to morph into a Chromium-based, cross-platform browser." It's an extraordinary capitulation from Microsoft, which has spent nearly four years and a staggering amount of engineering effort on a quixotic campaign to convince Windows 10 users to ditch their current browser in favor of Microsoft Edge. That eff

More Than 100,000 PCs in China Infected by New Ransomware Strain

  A new ransomware strain successfully infected more than 100,000 personal computers in China over a period of just four days. According to a report from Velvet Security, the first samples of this ransomware broke out on 1 December after users installed multiple social media-themed apps including “Account Operation V3.1,” an app designed to help users manage multiple QQ accounts. The Chinese anti-virus firm subsequently monitored the threat over the next few days. By the evening of 4 December, the firm had identified at least 100,000 infections by the yet-unnamed virus. This particular threat stands out for several reasons. First, it doesn’t just lock users’ computers and encrypt their files. It also comes with a component designed to steal victims’ login credentials for Chinese digital wallet services, personal cloud file hosting platforms, email providers and online shopping portals. Second, the ransomware doesn’t use Bitcoin for its rans

Dell announces security breach due to unauthorised intruder

Company says it detected an intrusion at the start of the month, but financial data was not exposed. US-based hardware giant Dell announced today a security breach that took place earlier this month, on November 9. Dell says it detected an unauthorized intruder (or intruders) "attempting to extract Dell.com customer information" from its systems, such as customer names, email addresses, and hashed passwords. The company didn't go into details about the complexity of the password hashing algorithm, but some of these --such as MD5-- can be broken within seconds to reveal the plaintext password. "Though it is possible some of this information was removed from Dell's network, our investigations found no conclusive evidence that any was extracted," Dell said today in a press release. In a statement, Dell said it's still investigating the incident, but said the breach wasn't extensive, with the company's engineers detecting the

New Linux crypto-miner steals your root password and disables your antivirus

Trojan also installs a rootkit and another strain of malware that can execute DDoS attacks. Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional as time passes by. The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn't have a distinctive name yet, being only tracked under its generic detection name of Linux.BtcMine.174. But despite the generic name, the trojan is a little bit more complex than most Linux malware, mainly because of the plethora of malicious features it includes. The trojan itself is a giant shell script of over 1,000 lines of code. This script is the first file executed on an infected Linux system. The first thing this script does is to find a folder on disk to which it has write permissions so it can copy itself and later use it to download other modules. O