Study finds malware lurking in Amazon, Google and Groupon cloud services. From SC Magazine.
A recent study detected more than 600 cloud repositories hosting malware and other malicious activities on major cloud platforms including Amazon, Google, Groupon and thousands of other sites.
Researchers from the Georgia Institute of Technology, Indiana University Bloomington and the University of California Santa Barbara scanned more than 140,000 sites on 20 major cloud hosting services and found that as many as 10 percent of the repositories hosted by them had been compromised, according to the “Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service”.
- Researchers Create Undetectable Rootkit That Targets Industrial Equipment. From Bleeping Computer.
Two researchers presenting at the Black Hat Europe security conference in London revealed a method of infecting industrial equipment with an undetectable rootkit component that can wreak havoc and disrupt the normal operations of critical infrastructure all over the world.
The attack targets PLCs (Programmable Logic Controllers), devices that sit between normal computers that run industrial monitoring software and the actual industrial equipment, such as motors, valves, sensors, breakers, alarms, and others.
Android spyware targets business executives. From HelpNetSecurity.
Researchers from mobile security outfit Skycure have recently analyzed a malicious app they found on an Android 6.0.1 device owned by a VP at a global technology company.
The name of the malicious package is “com.android.protect”, and it comes disguised as a Google Play Services app. It disables Samsung’s SPCM service in order to keep running, installs itself as a system package to prevent removal by the user (if it can get root access), and also hides itself from the launcher.
They don’t say how the malicious app – a piece of commercial spyware they dubbed Exaspy – found its way onto the victim’s phone, but chances are someone took advantage of the physical access they had to the device to do the dirty deed.
- Computer virus attack forces hospitals to cancel operations, shut down systems. From ZDNet.
A computer virus has forced three hospitals offline and caused the cancellation of all routine operations and outpatient appointments.
The Northern Lincolnshire and Goole NHS Foundation Trust says a “major incident” has been caused by a “computer virus” which infected its electronic systems on Sunday. As a result of the attack, the hospital has taken the decision to shut down the majority of its computer networks in order to combat the virus.
“A virus infected our electronic systems [on Sunday] and we have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it,” said Dr Karen Dunderdale, the trust’s deputy chief executive, according to the BBC.
- New, more-powerful IoT botnet infects 3,500 devices in 5 days. From ArsTechnica.
There’s a new, more powerful Internet-of-things botnet in town, and it has managed to infect almost 3,500 devices in just five days, according to a recently published report.
Linux/IRCTelnet, as the underlying malware has been named, borrows code from several existing malicious IoT applications. Most notably, it lifts entire sections of source code from Aidra, one of the earliest known IoT bot packages. Aidra was discovered infecting more than 30,000 embedded Linux devices in an audacious and ethically questionable research project that infected more than 420,000 Internet-connected devices in an attempt to measure the security of the global network. As reported by the anonymous researcher, Aidra forced infected devices to carry out a variety of distributed denial-of-service attacks but worked on a limited number of devices.
- Was a Trump Server Communicating With Russia? From Slate.com. he greatest miracle of the internet is that it exists—the second greatest is that it persists. Every so often we’re reminded that bad actors wield great skill and have little conscience about the harm they inflict on the world’s digital nervous system. They invent viruses, botnets, and sundry species of malware. There’s good money to be made deflecting these incursions. But a small, tightly knit community of computer scientists who pursue such work—some at cybersecurity firms, some in academia, some with close ties to three-letter federal agencies—is also spurred by a sense of shared idealism and considers itself the benevolent posse that chases off the rogues and rogue states that try to purloin sensitive data and infect the internet with their bugs. “We’re the Union of Concerned Nerds,” in the wry formulation of the Indiana University computer scientist L. Jean Camp.
The biggest lesson emerging from the recent recall of 3.2 million debit cards by various Indian banks is that most of the systems that the government and the country’s financial sector put in place to deal with a major cyber attack failed to detect the data breach that necessitated this recall.
As banks scramble to put together a root cause analysis of the events that led to the malware (malicious software) attack that led to one of the biggest security breaches in banks in India in September and October, there is a realisation that institutions failed to share information with each other, leading to cascading failures that permitted the breach to continue undetected for a while.
2. Data breach at Weebly affects 43 million users. From Graham Cluely.
A data breach at free website builder Weebly has compromised the personal information of over 43 million users.
News of the breach arrived on 20 October when LeakedSource.com published a database of 43,430,316 Weebly users’ information on its website. Those records contain a username, email address, password, and IP address.
Little information is known about how those responsible for the breach exfiltrated all of that data, but we do know that the breach occurred at the web-hosting service in February 2016 and that an anonymous source provided LeakedSource with the database.
- Bank Financial Data Breach Affects 32 Lakh Debit Card Holders: Report. From News18.
Around 32 lakh debit card holders in India have been affected by one of the largest ever breaches of financial data in the country, Economic Times reported today.
Customers of the State Bank of India, HDFC Bank, ICICI Bank, YES Bank and Axis Bank are among those affected and the banks will either replace their cards or ask them to change their security codes.
The fraudsters were able to steal information by way of malware introduced to Hitachi Payment Services, which provides ATM and point of sale services.
- Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net. From Ars Technica.
For the better part of a day, KrebsOnSecurity, arguably the world’s most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn’t like a recent series of exposés reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet.
The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service
Kimpton Hotels Acknowledges Data Breach. Kimpton Hotels on Wednesday formally acknowledged that malware found on payment terminals in many of its hotels and restaurants may have compromised credit/debit cards of guests who patronized the properties in the first half of this year. The disclosure comes more than a month after KrebsOnSecurity first contacted to the company about a possible credit card breach across most of its locations.