Free Republic 2nd Qtr 2022 Fundraising Target: $82,000 Receipts & Pledges to-date: $72,017
Woo hoo!! And we're now over 87%!! Thank you all very much!! God bless.

Keyword: malware

Brevity: Headers | « Text »
  • Chinese hackers are going after American routers – How to protect yours

    06/14/2022 2:18:09 PM PDT · by American Number 181269513 · 33 replies
    KimKomando ^ | JUNE 13, 2022 | CHARLIE FRIPP
    Your router is a crucial part of your home’s connection. It’s the primary way the internet gets into your house, and it sends out the Wi-Fi signal that connects all your wireless devices. Has it been years since you updated your router? We put together a quick quiz to help you choose the perfect model for your home and needs. This is a must if your connection is spotty and your router isn’t equipped with the latest security standards. Tap or click here to take our router-finder quiz. Even if your firmware is up to date, your router is still...
  • Apple Says WebKit Zero-Day Hitting iOS, macOS Devices

    02/11/2022 5:20:38 PM PST · by bitt · 10 replies
    security week ^ | 2/10/2022 | Ryan Naraine
    Apple’s struggles with zero-day attacks on its iOS and macOS platforms are showing no signs of slowing down. For the second time in as many months, Cupertino released iOS, iPadOS and macOS updates to address a critical WebKit security defect (CVE-2022-22620) that exposes Apple devices to remote code execution attacks. “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” the company said in a barebones advisory. As is customary, Apple did not provide details on the scope of the attack, the platform being targeted,...
  • Watch Out For This Android Malware That Factory Resets Your Phone After Stealing Your Money

    01/28/2022 2:57:16 AM PST · by Libloather · 14 replies
    Gizmodo ^ | 1/27/21 | Lucas Ropek
    Research published earlier this week shows that a nasty Android banking malware has evolved, bringing with it a number of alarming new features—including the ability to factory reset your device after stealing your money. The malware in question is called BRATA, short for “Brazilian Remote Access Tool Android.” As you might expect from its name, it originally popped up in Brazil several years ago but has since spread to many other parts of the globe. Researchers with security firm Cleafy wrote this week that the newest version of the malware, first spotted in December, has a number of additional features...
  • Persistence without “Persistence”: Meet The Ultimate Persistence Bug – “NoReboot”

    01/09/2022 5:59:05 PM PST · by algore
    Mobile Attacker’s Mindset Series – Part II Evaluating how attackers operate when there are no rules leads to discoveries of advanced detection and response mechanisms. ZecOps is proudly researching scenarios of attacks and sharing the information publicly for the benefit of all the mobile defenders out there. iOs persistence is presumed to be the hardest bug to find. The attack surface is somewhat limited and constantly analyzed by Apple’s security teams. Creativity is a key element of the hacker’s mindset. Persistence can be hard if the attackers play by the rules. As you may have guessed it already – attackers...
  • Microsoft Admits It Signed Rootkit Malware That Phones Home To Chinese Military

    Ever since the introduction of Windows Vista in early 2007, Microsoft has enforced the rule that Windows drivers must carry digital signatures by default. Any software that runs in kernel mode, in fact, has to be signed by the company. This is a security measure that should prevent malicious software from digging its claws in too deep. However, what happens when Microsoft gives its blessing to a rootkit? That's what happened a few months ago and was just now discovered thanks to G DATA Software security analyst Karsten Hahn. Initially, the company received a false-positive alert from a driver that...
  • Microsoft warns: Watch out for this new malware that steals passwords, webcam and browser data

    05/13/2021 7:22:23 AM PDT · by ShadowAce · 19 replies
    ZDNet ^ | 13 May 2021 | Liam Tung
    Microsoft has issued an alert over a remote access tool (RAT) dubbed RevengeRAT that it says has been used to target aerospace and travel sectors with spear-phishing emails. RevengeRAT, also known as AsyncRAT, is being distributed via carefully crafted email messages that prompt employees to open a file masquerading as an Adobe PDF file attachment that in fact downloads a malicious visual basic (VB) file. Security firm Morphisec recently flagged the two RATs as part of a sophisticated Crypter-as-a-Service that delivers multiple RAT families.SEE: Network security policy (TechRepublic Premium)According to Microsoft, the phishing emails distribute a loader that then delivers...
  • Stealthy Linux backdoor malware spotted after three years of minding your business

    04/30/2021 8:55:20 AM PDT · by ShadowAce · 34 replies
    The Register ^ | 29 April 2021 | Thomas Claburn
    Chinese security outfit Qihoo 360 Netlab on Wednesday said it has identified Linux backdoor malware that has remained undetected for a number of years.The firm said its bot monitoring system spotted on March 25 a suspicious ELF program that interacted with four command-and-control (C2) domains over the TCP HTTPS port 443 even though the protocol used isn't actually TLS/SSL."A close look at the sample revealed it to be a backdoor targeting Linux X64 systems, a family that has been around for at least three years," Netlab researchers Alex Turing and Hui Wang said in an advisory.An MD5 signature for the...
  • WikiLeaks Vault 7 Marble: Latest Leaks Show CIA Ability To Hide Origins Of Attack

    03/31/2017 4:55:39 PM PDT · by markomalley · 9 replies
    International Business Times ^ | 3/31/17 | AJ Dellinger
    WikiLeaks continued its ongoing release of documents from the CIA Friday with a collection of files detailing the agency’s ability to obscure its activities and make it difficult for investigators to attribute the origins of attacks and hacking.The latest release from what WikiLeaks calls Vault 7 is titled “ Marble ” and contains documentation of files that are purportedly part of the CIA Core Library of malware code. WikiLeaks describes Marble as part of the CIA’s “anti-forensics approach.” The name “Marble” refers to a specific algorithm that scrambles and unscrambles data.Marble is one of the more technical releases that WikiLeaks...
  • China Used Secret Microchip to Spy on US Computers

    02/15/2021 9:50:10 AM PST · by Navy Patriot · 48 replies
    NewsSmacks ^ | February 15, 2021
    In 2010, the U.S. Department of Defense found thousands of its computer servers sending military network data to China — the result of code hidden in chips that handled the machines’ startup process. In 2014, Intel Corp. discovered that an elite Chinese hacking group breached its network through a single server that downloaded malware from a supplier’s update site. And in 2015, the Federal Bureau of Investigation warned multiple companies that Chinese operatives had concealed an extra chip loaded with backdoor code in one manufacturer's servers.
  • FireEye Identifies Killswitch for SolarWinds Malware as Victims Scramble to Respond

    12/20/2020 2:00:33 PM PST · by ATOMIC_PUNK · 15 replies ^ | 12 16 2020 | Jai Vijayan
    White House National Security Council establishes unified group to coordinate response across federal agencies to the threat. FireEye, which last Sunday disclosed a compromise at network management software vendor SolarWinds that allowed an unknown attacker to distribute malware to potentially thousands of organizations, has identified a killswitch that it says would prevent the malware from operating on infected networks. But in networks where the attackers might have already deployed additional persistence mechanisms, the killswitch will not remove the threat from victim networks, according to the security vendor. FireEye on Sunday said that an investigation it was conducting into a breach...
  • Trickbot trojan found to now have the ability to modify a computer's UEFI

    12/04/2020 8:35:07 AM PST · by BenLurkin · 48 replies
    Tech Xplore ^ | 12/04/2020 | Bob Yirka
    A combined team of security experts from Advanced Intelligence and Eclypsium has announced that the Trickbot trojan malware now has the ability to modify a computer's Unified Extensible Firmware Interface—the interface between the firmware on a computer motherboard and the computer's operating system—in this case, Microsoft Windows. Trickbot has been in the news of late due to its advanced capabilities. It has a modular design and is notable for its ability to gain administrative capabilities on infected computers. The entities behind the creation of the trojan are believed to be criminals in Russia and North Korea, and they have used...
  • Justice Department And Indian Authorities Announce Enforcement Actions Against Technical-Support Fraud Scheme Targeting Seniors

    10/16/2020 10:07:48 AM PDT · by ransomnote · 11 replies ^ | October 15, 2020 | Department of Justice
    First Parallel Action by U.S. and Indian Governments Against Elder Fraud A federal court has ordered an individual and 5 companies to stop engaging in a technical-support fraud scheme that is alleged to have defrauded hundreds of elderly and vulnerable U.S. victims, the Department of Justice announced today. The temporary restraining order issued by the court follows the filing of a complaint by the United States, which seeks both preliminary and permanent injunctions to prevent the defendants from further victimizing U.S. consumers.  The complaint filed by the Civil Division’s Consumer Protection Branch and the U.S. Attorney’s Office for the Southern...
  • Report: U.S. Cyber Command Behind [countering] Trickbot Tricks

    10/13/2020 6:58:52 AM PDT · by daniel1212 · 8 replies ^ | Oct 10 | Krebson security.
    A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command. On October 2, KrebsOnSecurity reported that twice in the preceding ten days, an unknown entity that had inside access to the Trickbot botnet sent all infected systems a command telling them to disconnect themselves from the Internet servers the Trickbot overlords used to control compromised Microsoft...
  • Why You Should Stop Using Other People’s iPhone Cables (Wow)

    09/22/2020 4:37:11 PM PDT · by cba123 · 66 replies
    Forbes ^ | A few days ago | Zak Doffman
    If, like many others, you think nothing of borrowing a friend or colleague’s charging cable, or plugging into a spare one in the office, or even asking for one from a hotel reception desk, then here’s something that might give you pause. How do you fancy an iPhone charging cable that looks like an Apple original and acts like one as well, but which will tap into a connected device and steal all its secrets, and which has its own radio transmitter to send all that stolen data over the air to a waiting attacker.
  • Garmin services and production go down after ransomware attack

    07/24/2020 10:55:04 AM PDT · by higgmeister · 20 replies
    ZDNet .com ^ | 7/23/20 | Catalin Cimpanu
    Smartwatch and wearables maker Garmin has shut down several of its services on July 23 to deal with a ransomware attack that has encrypted its internal network and some production systems. The company is currently planning a multi-day maintenance window to deal with the attack's aftermath, which includes shutting down its official website, the Garmin Connect user data-syncing service, Garmin's aviation database services, and even some production lines in Asia.
  • Here we go again – more than two dozen Android apps caught stealing your data

    07/07/2020 9:30:25 AM PDT · by BenLurkin · 20 replies
    BGR ^ | 07/07/2020 | Andy Meek
    Evina, a French cybersecurity firm, disclosed this news in recent weeks, with its report that a single threat group developed the batch of apps that were made to look like everything from wallpaper and flashlight apps to mobile games. However, all the apps had the same goal, as Evina explains in its report of the fraud. “When an application is launched on your phone, the malware queries the application name,” the company explains. “If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground which...
  • A Multinational Tech Company Installed Software To Pay Taxes In China, Then Discovered Malware Inside

    06/25/2020 7:43:36 PM PDT · by SeekAndFind · 8 replies
    Hotair ^ | 06/25/2020 | John Sexton
    This report from NBC News never names the multinational corporation involved but it is not a Chinese company. However because it does do business in China, it was required to pay local taxes. A Chinese bank asked the company to install a piece of software to facilitate paying those taxes, but within hours the company’s entire system had been compromised with sophisticated software. The tax software was legitimate, but embedded inside it was a nasty surprise, according to a new report by a private security firm: A sophisticated piece of malware that gave attackers complete access to the company’s...
  • PSA: Terrible people are running a phishing campaign with fake Covid-19 stats

    05/24/2020 8:08:58 AM PDT · by BenLurkin · 1 replies
    PCGamer ^ | 22 May 2020 | By Paul Lilly
    Security researchers at Microsoft say they have seen a "steady increase" in unsolicited email attachments containing malicious Excel 4.0 macros. It is part of a "massive campaign" to infect PCs with malware under the guise of providing current statistics related to Covid-19. Phishing scams are nothing new by any stretch, but according to Microsoft (via ZDNet), this latest campaign only started around a week ago "and has so far used several hundreds of unique attachments." "The emails purport to come from Johns Hopkins Center bearing 'WHO COVID-19 SITUATION REPORT'. The Excel files open w/ security warning & show a graph...
  • Hackers posed as Egyptian oil contractor in apparent spy campaign ahead of OPEC meeting

    04/23/2020 1:29:32 PM PDT · by nickcarraway · 1 replies
    Cyberscoop ^ | APR 21, 2020 | Jeff Stone
    Hackers are trying to infect organizations throughout the world with a popular strain of malware by sending emails that appear to be from an Egyptian oil company. In research published Tuesday, Romanian antivirus company BitDefender noted a surge in attempted phishing attacks that try to trick users into downloading malware by masquerading as Enppi, an oil company owned by the Egyptian government. The malware, known as Agent Tesla, is a spyware tool which enables hackers to monitor keystrokes, steal data about file downloads and collect username and password credentials from internet browsers, among other capabilities. The number of attacks spiked...
  • Microsoft uses its expertise in malware to help with fileless attack detection on Linux

    02/25/2020 8:32:01 AM PST · by dayglored · 34 replies
    The Register ^ | Feb 25, 2020 | Richard Speed
    Aw, how generous Hey, Linux fans! Microsoft has got your back over fileless threats. Assuming you've bought into the whole Azure Security Center thing.Hot on the heels of a similar release for Windows (if by "hot" you mean "nearly 18 months after") comes a preview aimed at detecting that breed of malware that inserts itself into memory before attempting to hide its tracks.A fileless attack tends to hit via a software vulnerability, inject a stinky payload into an otherwise fragrant system process and then lurk in memory. The malware also attempts to remove any trace of itself on disk, which...