• Malicious lifestyle apps found on Google Play, 30 million installs recorded
    A total of 50 malicious apps have managed to bypass Google's security checks and land on the Google Play store, leading to millions of installs on Android devices. Only last week, researchers from Check Point uncovered six apps laden with the PreAMo ad fraud malware on Google Play which had been installed 90 million times. Now, the cybersecurity team at Avast has found a further 50 apps relating to lifestyle services which masquerade as legitimate software but are actually adware; these malicious apps have been downloaded a total of 30 million times. "Although the bypassing itself is not explicitly forbidden on the Play Store, Avast detects it as Android:Agent-SEB [PUP], because apps using these libraries waste the user's battery and make the device slower," the researchers say. Each app displays full-blown ads to users and, in some cases, also attempts to lure viewers into installing additional adware-laden applications. Newer versions of the adware library, TsSdk, were found in music and fitness apps that have been installed almost 28 million times. Read More
  • Banking Trojan Drive-by Download Leverages Trust in Google Sites
    Brazilian hackers have developed a drive-by download attack that leverages the inherent trust in the Google name. A banking trojan known as LoadPCBanker is deployed using the File Cabinet template in Google Sites as a delivery vehicle. The process, discovered by Netskope, relies heavily on users' tendency to trust the Google name, together with an apparent failure by Google to block malicious uploads to the File Cabinet. Although a Google search does not disclose such a guest house, there is a Manoel Carvalho who plays football for the Brazilian club Corinthians on loan from Cruzeiro, and the attackers are likely relying on natural curiosity, especially the Brazilian love of football, to tempt visitors into downloading the malware. The malware is clearly targeted at Portuguese speakers, and the difficulties in moving money into and out of Brazil make it likely that the attackers are only interested in Brazilian targets and Brazilian banks. Netskope noted that the Brazilian hacker is, in general, very insular: Brazilian bank fraud is primarily targeted against Brazilian banks. Read More
  • FBI: US companies lost $1.3 billion in 2018 due to BEC scams
    Losses due to BEC (Business Email Compromise) scams doubled in 2018 compared to 2017 and reached $1.3 billion, according to the FBI's yearly internet crime report. These scams rely on attackers compromising a legitimate email account, which they then use to send emails that trick employees at the same company, or at upstream and downstream business partners, into wiring funds to attacker-controlled accounts on the strength of fake invoices or business contracts. As the table below shows, complaints and losses from BEC scams have exploded in recent years, with 2018 passing the one billion mark in damages, the first time a single form of cybercrime has caused more than $1 billion in losses in a year. The number of ransomware victim complaints, on the other hand, has gone down to 2014 levels, when ransomware attacks first started to become popular around the world; the financial losses caused by ransomware attacks, however, are now higher than ever, suggesting that crooks are carefully selecting their victims in order to inflict the greatest damage and obtain the highest payouts. Read More
  • DNSpionage brings out the Karkoff
    In April 2019, we also discovered the actors using a new malware, which we are calling "Karkoff." This post will cover the aforementioned DNSpionage updates, the discovery of the Karkoff malware and an analysis of the recent Oilrig malware toolset leak, and how it could be connected to these two attacks. Instead of using the .oracleServices directory we had previously observed, the attacker now uses a .msdonedrive directory and renames the malware "taskwin32.exe." The scheduled task was also renamed to "onedrive updater v10.12.5." This new sample is similar to the version disclosed in our previous post, but the API name strings are now split into fragments stored in reverse order: "rNameA" comes first, followed by "GetUse," and the corresponding labels are likewise mis-named "aRnamea" and "aGetuse" (together they spell GetUserNameA()). For example, a rule such as the following would no longer alert, because its pattern no longer matches: rule DNSpionage { strings: $conf = "Configure.txt" condition: all of them } The malware searches for two specific anti-virus platforms: Avira and Avast. Read More
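The following Python is an added example, not Cisco Talos code, showing why a rule keyed on a single contiguous string stops firing once a sample stores its strings as fragments in reverse order (as the updated sample does with "rNameA" / "GetUse"), together with a fragment-tolerant check and a helper that reassembles such fragments. The byte strings are constructed stand-ins for a strings dump of each sample, the allow-list of API names is constructed, and how "Configure.txt" is actually split in the real sample is an assumption of this example.

```python
"""
Added example (not Cisco Talos code): contiguous-string detection versus
fragment-tolerant detection for a sample that stores its strings as fragments
in reverse order. Samples, API allow-list and the split of "Configure.txt" are
constructed assumptions of this example.
"""

# Constructed: the older sample keeps its strings whole.
OLD_SAMPLE = b"\x00Configure.txt\x00GetUserNameA\x00.oracleServices\x00"

# Constructed: the newer sample stores fragments in reverse order, so neither
# "GetUserNameA" nor "Configure.txt" appears contiguously anywhere.
NEW_SAMPLE = (b"\x00rNameA\x00GetUse\x00.txt\x00Configure\x00"
              b".msdonedrive\x00taskwin32.exe\x00")

# Constructed allow-list of API names worth reassembling; not a complete table.
KNOWN_APIS = {"GetUserNameA", "GetComputerNameA", "CreateProcessA", "WinExec"}

# Artifacts the post reports for the updated sample.
UPDATED_ARTIFACTS = {
    "directory": ".msdonedrive",
    "binary": "taskwin32.exe",
    "task": "onedrive updater v10.12.5",
}


def nul_strings(data):
    """Split a blob into its NUL-delimited strings, in file order."""
    return [s.decode("ascii", "replace") for s in data.split(b"\x00") if s]


def rebuild_split_string(fragments):
    """Reassemble fragments stored in reverse order: ["rNameA", "GetUse"]
    becomes "GetUserNameA"."""
    return "".join(reversed(fragments))


def contiguous_rule_matches(data, literal):
    """Emulates the post's rule: one literal string, 'all of them'."""
    return literal.encode() in data


def fragment_rule_matches(data, fragments):
    """Fires when every fragment occurs inside some NUL-delimited string, in
    any order. Matches whole and split storage alike; short fragments such as
    ".txt" are weak on their own, so pair them with a distinctive one."""
    strings = nul_strings(data)
    return all(any(f in s for s in strings) for f in fragments)


def recover_split_strings(data, known=KNOWN_APIS):
    """Reassemble each adjacent pair of strings in reverse order and return the
    ones that spell a known API name; a quick way to re-label a strings dump."""
    strings = nul_strings(data)
    return [rebuild_split_string(strings[i:i + 2])
            for i in range(len(strings) - 1)
            if rebuild_split_string(strings[i:i + 2]) in known]


def persistence_hits(file_paths, task_names, artifacts=UPDATED_ARTIFACTS):
    """Match host file paths and scheduled-task names against the reported
    directory, binary name and task name."""
    hits = [p for p in file_paths
            if artifacts["directory"] in p or p.lower().endswith(artifacts["binary"])]
    hits += [t for t in task_names if t.lower() == artifacts["task"]]
    return hits


if __name__ == "__main__":
    print("old, contiguous:", contiguous_rule_matches(OLD_SAMPLE, "Configure.txt"))
    print("new, contiguous:", contiguous_rule_matches(NEW_SAMPLE, "Configure.txt"))
    print("new, fragments: ", fragment_rule_matches(NEW_SAMPLE, ["Configure", ".txt"]))
    print("recovered APIs: ", recover_split_strings(NEW_SAMPLE))
```

The fragment check is what a YARA rule with `$c1 = "Configure"`, `$c2 = ".txt"` and `condition: all of ($c*)` expresses; it survives the reversed storage because it never requires the pieces to be adjacent, at the price of needing at least one distinctive fragment to keep false positives down.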
  • Belkin Wemo Zero-Day Vulnerability Could Leave the Door Open for IoT Attacks
    The Belkin Wemo Insight smart plug is still at risk of zero-day attacks nearly one year after a vulnerability was first disclosed, security researchers discovered. Researchers had informed Belkin about a remote code execution problem with its smart plug on May 21, 2018. The researchers suggested that threat actors are targeting a diverse range of internet of things (IoT) devices in the hope of discovering one with a vulnerability, and then using default credentials to gain access. If consumers do not use strong passwords for IoT devices and ensure the devices are not unnecessarily tied to critical network devices, bugs such as the Belkin Wemo vulnerability could allow cybercriminals to take over everything from smart TVs to desktops and even surveillance cameras, the researchers added. Threat actors will, of course, likely look for vulnerabilities in many other IoT devices to penetrate network defenses. Read More
  • Healthcare has a massive cybersecurity problem, and we’re not doing enough to fix it.
    Bringing technology into the healthcare system is overdue, and should be revolutionary. Part of the cybersecurity problem has less to do with the security flaws present in healthcare systems and more to do with the enormous value of healthcare data. Hospitals and healthcare organizations are tasked with gathering a great deal of personal detail on their patients, including their social security numbers, the medications they are taking, and credit card information. As our healthcare systems increasingly rely on digital interfaces for patients and on personal medical devices, much of the security burden is placed on patients. Another part of the problem is one of interest: healthcare experts got into healthcare because they care about treating people and improving their lives, not because they like working with computers. Many hospitals and security organizations are stepping up their efforts to improve security, but they simply are not doing enough. Read More
  • Singapore's cyber security chief says international norms, partnerships are key issues
    "Cyberspace should not be any different from the physical domains," Mr Koh said. "For instance, in the maritime domain, there are rules that govern how states should behave, such as through the United Nations Convention on the Law of the Sea. Similarly, in the aviation domain, we abide by rules set by the International Civil Aviation Organisation. These rules underpin our modern economies and security." "We are sharply cognisant that a world where 'might makes right' spells disaster for us, and other small states and perhaps middle powers," he said. "Some in these circles have said that it is challenging for states to agree on consensual positions… and that perhaps the UN is not working the way it should be," Mr Koh said. "The threats are coming from all over the world, so it compels us to work closely with our regional and international partners." Singapore sees cybersecurity as a key enabler for its Smart Nation drive. Read More
  • Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and PowerShell Scripts
    Windows Installer uses Microsoft Software Installation (MSI) package files to install programs. We recently discovered malicious MSI files that download and execute other files and could bypass traditional security solutions. Malicious actors can abuse custom actions in these files to execute malicious scripts and drop malware that is capable either of initiating a system shutdown or of targeting financial systems located in certain locations. The .zip file contains normal files such as iLua.inf, msvcr120.dll and msvcp120.dll; files digitally signed by Avira; AutoIt-related files; and an encrypted dynamic-link library (DLL). Avira, whose signed executable is abused, said: "To be able to execute malicious code in the context of a legitimate process and bypass security solutions, the malware is using one of our Avira executables out of the context of an Avira regular installation to inject malicious code into it." As a first line of defense, we recommend that users avoid installing unknown files and clicking on URLs that may redirect to sites that download malicious files. Read More
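To make the custom-action abuse concrete, the following Python is an added example, not Trend Micro's or Avira's code: it triages the rows of an MSI package's CustomAction table and flags the JScript/VBScript actions and interpreter-launching EXE actions the article describes, decoding the documented msidbCustomActionType bit layout. The sample rows are constructed for illustration rather than taken from the analysed samples, the launcher regex is a heuristic of this example, and the optional loader assumes a Windows host with the standard-library msilib module.

```python
"""
Added example (not Trend Micro's or Avira's code): triage of an MSI
CustomAction table. Type decoding follows the msidbCustomActionType bit layout;
sample rows and the interpreter regex are constructed assumptions of this example.
"""
import re

# Bits 0-2: what the action runs.
BASE_TYPES = {1: "DLL", 2: "EXE", 3: "text", 5: "JScript", 6: "VBScript", 7: "nested install"}
# Bits 4-5: where the code or text lives.
SOURCES = {0x00: "Binary table", 0x10: "installed file", 0x20: "directory", 0x30: "property"}
IN_SCRIPT = 0x400       # deferred: executed from the install script
NO_IMPERSONATE = 0x800  # a deferred action runs as LocalSystem, not the user
HIDE_TARGET = 0x2000    # keep the Target column out of the verbose install log

# Assumption of this example: interpreters worth flagging in an EXE custom action.
LAUNCHERS = re.compile(
    r"\b(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32|certutil|bitsadmin)(\.exe)?\b",
    re.IGNORECASE,
)


def decode_type(t):
    """Split a CustomAction.Type integer into its documented fields."""
    base = BASE_TYPES.get(t & 0x7, "unknown")
    src = t & 0x30
    if base in ("JScript", "VBScript") and src == 0x20:
        source = "Target column (inline script text)"   # types 37 and 38
    else:
        source = SOURCES[src]
    deferred = bool(t & IN_SCRIPT)
    return {
        "base": base,
        "source": source,
        "deferred": deferred,
        "system": deferred and bool(t & NO_IMPERSONATE),
        "hidden": bool(t & HIDE_TARGET),
    }


def triage_custom_actions(rows):
    """rows: (Action, Type, Source, Target) tuples as stored in the table.
    Returns (action, reason) pairs that deserve a closer look."""
    findings = []
    for action, t, source, target in rows:
        info = decode_type(t)
        blob = f"{source or ''} {target or ''}"
        if info["base"] in ("JScript", "VBScript"):
            findings.append((action, f"{info['base']} custom action, script in {info['source']}"))
        elif info["base"] == "EXE" and LAUNCHERS.search(blob):
            findings.append((action, f"EXE custom action launches an interpreter: {blob.strip()[:80]}"))
        if info["system"]:
            findings.append((action, "deferred + NoImpersonate: runs as LocalSystem"))
        if info["hidden"]:
            findings.append((action, "HideTarget: command or script withheld from the install log"))
    return findings


# Constructed rows: a property-setting action (51), a DLL check from the Binary
# table (1), an inline VBScript dropper (38) and a deferred LocalSystem PowerShell
# launch (34 = EXE with working directory, plus InScript and NoImpersonate).
SAMPLE_ROWS = [
    ("SetInstallDir", 51, "INSTALLDIR", "[ProgramFilesFolder]Acme"),
    ("CheckPrereqs", 1, "PrereqDll", "CheckPrereqs"),
    ("RunDropper", 38, None,
     'Set sh = CreateObject("WScript.Shell"): sh.Run "powershell -w hidden -enc SQBFAFgA", 0'),
    ("LaunchPS", 34 | IN_SCRIPT | NO_IMPERSONATE, "SystemFolder",
     r"[SystemFolder]WindowsPowerShell\v1.0\powershell.exe -NoP -W Hidden -Enc SQBFAFgA"),
]


def load_custom_actions(msi_path):
    """Windows only: read the table with the stdlib msilib module (available
    through Python 3.12). On other platforms, obtain rows from another MSI parser."""
    import msilib
    db = msilib.OpenDatabase(msi_path, msilib.MSIDBOPEN_READONLY)
    view = db.OpenView("SELECT `Action`, `Type`, `Source`, `Target` FROM `CustomAction`")
    view.Execute(None)
    rows = []
    while True:
        rec = view.Fetch()
        if rec is None:
            break
        rows.append((rec.GetString(1), rec.GetInteger(2), rec.GetString(3), rec.GetString(4)))
    view.Close()
    return rows


if __name__ == "__main__":
    for action, reason in triage_custom_actions(SAMPLE_ROWS):
        print(f"{action}: {reason}")
```

The two flags worth reading together are IN_SCRIPT and NO_IMPERSONATE: a custom action carrying both executes during the deferred phase as LocalSystem, which is the combination that turns a user-initiated install of an unsigned MSI into SYSTEM-level code execution.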
  • Defense Digital Service chief stepping down after 'nerd tour of duty'
    Chris Lynch, director of the Pentagon’s Defense Digital Service, will step down this month after four years running his so-called “SWAT Team of Nerds.” After Lynch served with the U.S. Digital Service team at the Obama White House, former Defense Secretary Ash Carter recruited him in 2015 to establish a small team of engineers and digital experts from places like Google and Facebook to untangle DoD’s most critical IT problems. The team quickly made a name for itself with the 2016 “Hack the Pentagon” program, the federal government’s first bug bounty effort, which uncovered nearly 140 previously unidentified flaws on some Pentagon websites. Since “Hack the Pentagon,” DDS has gone on to help oversee more than a dozen such efforts throughout the armed services, and even one for the Pentagon’s travel booking system. “Although we will miss Chris, the unique startup culture he built and the talented team he recruited will continue to disrupt and transform technology at the DoD,” acting Defense Secretary Patrick Shanahan said in a statement. Read More
  • Fingerprint scanner on Nokia 9 Pureview gets tricked by a gum after latest update
    A flawed update has impacted the phone's in-screen fingerprint scanner, which can reportedly be fooled with a piece of chewing gum. The bug allows any stranger to bypass the phone's lock. Read More