Keyword: malware
  • Dell Lost Control of Key Customer Support Domain for a Month in 2017

    10/26/2017 9:22:07 PM PDT · by ransomnote · 14 replies
    https://krebsonsecurity.com ^ | 10/17/17 | Brian Krebs
    A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all Dell computers called “Dell Backup and Recovery Application.” It’s designed to help customers restore their data and computers to their pristine, factory default state should a problem occur with the device. That backup and recovery program periodically checks a rather catchy domain name — DellBackupandRecoveryCloudStorage.com — which until recently was...
  • Cyber Hurricane: New Malware Infects Millions of Devices Worldwide (3 min video)

    10/26/2017 5:58:38 PM PDT · by ransomnote · 24 replies
    youtube.com ^ | 10/26/2017 | vlogger DAHBOO77
    I will try to jot enough notes while listening to the video to catch the basics in case you don't want to watch it. Video at link asserts millions of devices already infected with malware capable of taking down the internet (including peripherals like webcams, video recorders etc.). Netlab360 warns that millions of devices already have been infected by IoT_reaper malware and the infection is rapidly expanding. Netlab360 says vulnerable "device IP's are being queued into the system that will then be injected into this malicious code." This attack was discovered mid-September and was based on the source code for...
  • Please activate the anti-ransomware protection in your Windows 10 Fall Creators Update

    10/23/2017 6:48:46 PM PDT · by markomalley · 22 replies
    The Register ^ | 10/23/17 | Shaun Nichols
    A below-the-radar security feature in the Windows 10 Fall Creators Update, aka version 1709 released last week, can stop ransomware and other file-scrambling nasties dead. The controlled folder access mechanism within Windows Defender prevents suspicious applications from changing the contents of selected protected folders. Though controlled folder access has been known about for months – it surfaced with Insider builds earlier this summer – the feature is only now being thrust into the spotlight with the general public release of the Fall Creators Update for Windows 10. The feature can be enabled through the Windows Defender Security Center App for most users, and...
  • Canada's 'Super Secret Spy Agency' Is Releasing a Malware-Fighting Tool to the Public

    10/19/2017 9:14:32 PM PDT · by nickcarraway · 45 replies
    CBC ^ | Oct 19, 2017 | Matthew Braga
    'This is something new for CSE,' says the agency, which is trying to shed its old reputation. Canada's electronic spy agency says it is taking the "unprecedented step" of releasing one of its own cyber defence tools to the public, in a bid to help companies and organizations better defend their computers and networks against malicious threats. The Communications Security Establishment (CSE) rarely goes into detail about its activities — both offensive and defensive — and much of what is known about the agency's activities have come from leaked documents obtained by U.S. National Security Agency whistleblower Edward Snowden and published...
  • Hackers Have Successfully Hidden Malware In Popular PC Cleanup Tool [CCleaner!]

    09/18/2017 9:37:52 AM PDT · by Red Badger · 11 replies
    CBS ^ | September 18, 2017 11:49 AM | Staff
    CBS Local — A computer program used to help your PC run faster has reportedly become the latest victim of hackers looking to breach the security of millions of its users. CCleaner, the computer-optimizing tool made by software company Piriform, was successfully infected by malware, according to security firm Cisco Talos. The malware reportedly tried to connect to unregistered websites in order to remotely download even more harmful programs to users’ computers. Security experts say the Trojan horse-style attack hackers launched affected over 2 million CCleaner customers who downloaded the product in August. “By exploiting the trust relationship between software...
  • EXPERT SAYS RISK OF BLUETOOTH ‘BLUEBORNE’ ATTACKS ACROSS MULTIPLE DEVICES OVERBLOWN

    09/14/2017 1:24:17 PM PDT · by Swordmaker · 10 replies
    Digital Trends ^ | September 13, 2017 10:38 am | By Kevin Parrish
    Security firm says 'BlueBorne' is only a risk if your device isn't updated. A recent report warned of a possible attack based on vulnerabilities found in Bluetooth, but Google, Microsoft, and Apple already addressed the issue. Bluetooth was originally created in 1998 to serve as a secure short-range wireless connection between two devices. It pairs our wireless mice to our laptops, our smartwatches to our smartphones, and so on. But a recent report published by security firm Armis points to eight Bluetooth-related vulnerabilities — four of which are critical — that reside on more than 5 billion Android, Windows, Linux, and...
  • Billions of Bluetooth devices could get hit by this attack

    09/12/2017 5:45:06 PM PDT · by Swordmaker · 47 replies
    Cnet ^ | September 12, 2017; 6AM PDT | BY ALFRED NG
    More than 5 billion devices are vulnerable to a "highly infectious" malware attack. Go ahead, blame the internet of things. Armis Labs says more than 5 billion devices are vulnerable to attacks through newly discovered Bluetooth exploits. – Josh Miller/CNET. More than 5.3 billion devices with Bluetooth signals are at risk of a malware attack newly identified by an internet of things security company. If you're not keeping count, that's most of the estimated 8.2 billion devices that use Bluetooth, which allows for our gadgets to connect and communicate wirelessly. Nearly every connected device out there has Bluetooth capability. Your phones, laptops,...
  • Google Removes 300 Apps Used to Launch DDoS Attacks From Play Store

    08/28/2017 7:09:40 PM PDT · by Swordmaker · 18 replies
    Gizmodo ^ | August 28, 2017 6:30 PM | By Kate Conger
    Google has removed roughly 300 apps from its Play Store after security researchers from several internet infrastructure companies discovered that the seemingly harmless apps—offering video players and ringtones, among other features—were secretly hijacking Android devices to provide traffic for large-scale distributed denial of service (DDoS) attacks. The botnet, nicknamed WireX, caught the attention of security researchers at the content delivery network Akamai when it was used to attack one of its clients earlier this month. Akamai’s client, a multinational hospitality company, was hit with traffic from hundreds of thousands of IP addresses. “We identified approximately 300 apps associated with the...
  • CIA Didn’t Trust FBI or NSA – Created Bogus Updates to Steal Data & Spy on Fellow Agencies

    08/25/2017 10:48:09 PM PDT · by Ernest_at_the_Beach · 19 replies
    wccftech.com ^ | 8/25/17 | Rafia Shaikh
    The Central Intelligence Agency apparently didn’t trust its partners in the American intelligence and created a fake software update to steal their data. Part of an internal project called ExpressLane, the bogus update was installed by the CIA Office of Technical Service (OTS) agents purported to be upgrading the biometric collection system. This biometric system was installed at the “liaison services” that included National Security Agency, Department of Homeland Security, and the Federal Bureau of Intelligence. The agency reportedly installed these at partner offices around the world to gain biometric data that was collected by the other agencies. The scathing revelation...
  • AccuWeather caught sending user location data, even when location sharing is off

    08/25/2017 10:02:03 AM PDT · by Swordmaker · 6 replies
    ZDNet ^ | August 22, 2017 | by Zack Whittaker
    A security researcher has found that the popular weather app sends private location data without the user's explicit permission to a firm designed to monetize user locations. Popular weather app AccuWeather has been caught sending geolocation data to a third-party data monetization firm, even when the user has switched off location sharing. AccuWeather is one of the most popular weather apps in Apple's app store, with a near perfect four-star rating and millions of downloads to its name. But what the app doesn't say is that it sends sensitive data to a firm designed to monetize user locations without users'...
  • Pre-installed Trojan in Cheap Android Devices Steal Data, Intercept Chats

    07/31/2017 3:57:49 AM PDT · by TigerLikesRooster · 16 replies
    Hackread ^ | July 30, 2017
    Android devices are one of the most vulnerable mobile OS (operating systems) due to its open source nature. But what would a user do if their device is delivered to them with a pre-installed malware? Well, let’s talk about that. IT security researchers at Dr. Web, a Russian cyber security firm, have discovered that a number of Android devices including Leagoo M8, Leagoo M5 Plus, Nomu S20 and Nomu S10 have a malicious program built into the firmware. Dubbed Triada by researchers the Trojan is embedded in the Zygote component’s...
  • Apple updates XProtect to block new OSX/Leverage malware variant

    07/28/2017 3:31:04 PM PDT · by Swordmaker · 4 replies
    MacDailyNews - Intego ^ | July 28, 2017 | by Derek Erwin
    “Following the discovery of a new version of OSX/Leverage, a backdoor first spotted in 2013, Apple has issued an update to its XProtect malware definitions to version 2093,” Derek Erwin reports for Intego. “This update provides basic detection for this new threat, which the Apple security team named OSX.Leverage.A,” Erwin reports. “Intego VirusBarrier already provides protection against this threat, which it identifies as OSX/FlashyComposer.A.” “The malware is a newer version of OSX/Leverage.A, which Intego analyzed back in 2013,” Erwin reports. “The new iteration disguises itself as a fake Flash Player update, which Intego warned could happen in our 2013 blog post....
  • Ukraine scrambles to contain new cyber threat after 'NotPetya' attack

    07/05/2017 1:54:00 PM PDT · by mac_truck · 2 replies
    Reuters ^ | 7/5/17 | Jack Stubbs and Matthias Williams
    The Ukrainian software firm used to launch last week's global cyber attack warned on Wednesday that all computers sharing a network with its infected accounting software had been compromised by hackers. The attack used a virus, dubbed "NotPetya" by some experts, to take down thousands of computers in dozens of countries, disrupting shipping and businesses. Investigators now say the hack may be far more nefarious than previously thought. A top official in the Ukrainian Presidential Administration said it remained unclear how many computers had been compromised and the state security service was trying to establish what the hackers would do...
  • Police seize servers of Ukrainian software firm after cyber attack

    07/05/2017 7:01:46 AM PDT · by mac_truck · 13 replies
    Reuters ^ | 7/5/2017 | Jack Stubbs and Pavel Polityuk
    Ukrainian police on Tuesday seized the servers of an accounting software firm suspected of spreading a malware virus which crippled computer systems at major companies around the world last week, a senior police official said. The head of Ukraine's Cyber Police, Serhiy Demedyuk, told Reuters the servers of M.E.Doc - Ukraine's most popular accounting software - had been seized as part of an investigation into the attack. Though they are still trying to establish who was behind last week's attack, Ukrainian intelligence officials and security firms have said some of the initial infections were spread via a malicious update issued...
  • Another Massive Ransomware Outbreak Is Going Global Fast

    06/27/2017 7:35:05 AM PDT · by MarchonDC09122009 · 89 replies
    Forbes ^ | 06/27/2017 | Thomas Fox-Brewster
    https://www.forbes.com/sites/thomasbrewster/2017/06/27/ransomware-spreads-rapidly-hitting-power-companies-banks-airlines-metro/#17b076ce7abd (Thomas Fox-Brewster, Forbes Staff; Jun 27, 2017 @ 09:44 AM) Ransomware is causing severe problems for major critical infrastructure providers today. Ukraine's government, National Bank and biggest power companies all warned of cyberattacks Tuesday. Airports and metro services in the country were also reportedly affected, though it appears they're victims of another massive ransomware outbreak that's spreading across the world fast and hitting a significant number of critical infrastructure providers.
  • Are consumer PCs safe from the Intel ME/AMT exploit? (Intel says don't worry?)

    05/04/2017 7:16:27 PM PDT · by Ernest_at_the_Beach · 2 replies
    semiaccurate.com ^ | May 3, 2017 | by Charlie Demerjian
    Analysis: Here are SemiAccurate’s thoughts. TLDR; There is a remote control mechanism in hardware that cannot be fully disabled and you cannot get Intel hardware without it. So while this patch may fix the current vulnerability this situation points to the urgent need for hardware diversity. Monday SemiAccurate brought you news of a critical remote exploit in all 2008+ Intel CPU’s. Today we will walk you through a chain of thought based on further investigation on how it could be exploited. Confidence Levels: While this is only analysis we will note that we believe this is in the wild right now. We would like to...
  • Microsoft finds bug in Intel ME

    06/10/2017 10:26:29 AM PDT · by Ernest_at_the_Beach · 35 replies
    fudzilla.com ^ | 09 June 2017 | Nick Farrell
    There is even malware exploiting it. Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool. Intel's AMT SOL is part of Intel's ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off. This makes it a rather good place for malware to hit. Inside Intel's ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. This virtual network interface runs inside ME, firewalls and security products installed...
  • Chipotle says hackers stole payment card info in data breach

    05/26/2017 4:28:32 PM PDT · by Enchante · 12 replies
    Chipotle Mexican Grill Inc. said on Friday hackers used malware to steal customers’ card data, including account number, expiration date and internal verification codes, from payment systems at some of its restaurants over a span of three weeks.... ... The information could be used to drain bank accounts, if a debit card was used, or to make credit card purchases, said Paul Stephens, director of policy and advocacy at the nonprofit Privacy Rights Clearinghouse.
  • CIA's Windows XP to Windows 10 malware: WikiLeaks reveals Athena

    05/22/2017 1:07:19 PM PDT · by Enlightened1 · 22 replies
    ZDNET ^ | 05/22/17 | Liam Tung
    The latest file revealed in WikiLeaks' Vault 7 catalog of CIA hacking toolkit is Athena, a surveillance tool apparently designed to capture communications from Windows XP to Windows 10 machines. Details of the Athena malware are available in a document allegedly created by the CIA in November 2015. The malware is said to have been made in conjunction with US cybersecurity firm Siege Technologies, which was acquired by Nehemiah Security late last year. Athena is the ninth Vault 7 release of CIA hacking tools for mobile and desktop systems. WikiLeaks has been revealing one tool at the end of each...
  • 'Accidental hero' halts ransomware attack and warns: this is not over

    05/13/2017 9:52:01 AM PDT · by Leaning Right · 88 replies
    The Guardian ^ | May 13, 2017 | Nadia Khomami and Olivia Solon
    The “accidental hero” who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted. *snip* ...the spread of the attack was brought to a sudden halt when one UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a “kill switch” in the malicious software.