- Fantom Ransomware Mimics Windows Update Screen. From Softpedia.
Ransomware often tries to disguise its malicious behavior using various tricks. The latest method observed is that employed by a new variant called Fantom, which shows a fake Windows Update screen while, in reality, it’s encrypting the user’s files.
The ransomware, spotted for the first time only a few days ago by AVG security researcher Jakub Kroustek, is coded on top of EDA2, a ransomware building kit that was open-sourced last year but eventually taken down.
EDA2 contained flaws that allowed researchers to obtain the decryption keys from the ransomware’s C&C server. According to an analysis from Bleeping Computer, those flaws aren’t there anymore, meaning one of the Fantom coders must have found and fixed them.
- Annoying “Open PDF in Edge” Default Option Puts Windows 10 Users at Risk. From Softpedia. Microsoft has released today its monthly security patch, and one of the five security bulletins labeled as critical concerns a remote code execution (RCE) flaw in its standard PDF rendering library that could be exploited when opening PDF files. The issue, tracked as CVE-2016-3319, is found in the Microsoft Windows PDF Library, the default Windows utility used to open, read, and render PDF files, embedded by default in a couple of apps such as Edge. An attacker could craft malicious code, add it to the header of a PDF file, and host the file on a Web server.
- Flaws in Oracle file processing SDKs affect major third-party products. From CSO Online. Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday affect products from third-party software vendors, including Microsoft. The vulnerabilities were found by researchers from Cisco’s Talos team and are located in the Oracle Outside In Technology (OIT), a collection of software development kits (SDKs) that can be used to extract, normalize, scrub, convert and view some 600 unstructured file formats.
- How a Bad UI Decision from Microsoft Helped Macro Malware Make a Comeback. From Softpedia. Following numerous reports from various security firms about a large number of malware that uses macro scripts in Office documents to spread, the US-CERT team has issued an official alert. Macros are not malicious by nature, being added to automate various operations in the Office suite. Macro malware, as this threat is sometimes called, relies on small scripts attached to Office files that execute when the document is opened, if there’s no security restriction.
- CIOs, CISOs share advice on selling cybersecurity to the C-suite. From HealthCare IT News. Texas Children’s CISO Sanjeev Sah said hospitals must master the basics because there’s no way to protect against advanced threats if you do not. When UC Irvine Health CIO Chuck Podesta needed a bigger security budget he walked the hospital’s chief executive through a typical data breach or loss scenario. The last bullet point: CEO apologizes to the public.
- Got $90,000? A Windows 0-Day Could Be Yours. From Krebs On Security. How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000.
- Beware of keystroke loggers disguised as USB phone chargers, FBI warns. From ArsTechnica. FBI officials are warning private industry partners to be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards. Always-on sniffer remotely uploads all input typed into Microsoft Wireless keyboards. The FBI’s Private Industry Notification is dated April 29, more than 15 months after whitehat hacker Samy Kamkar released KeySweeper, a proof-of-concept attack platform that covertly logged and decrypted keystrokes from many Microsoft-branded wireless keyboards and transmitted the data over cellular networks. To lower the chances that the sniffing device might be discovered by a target, Kamkar designed it to look almost identical to USB phone chargers that are nearly ubiquitous in homes and offices.
- Microsoft Bans Simple Passwords That Appear in Breach Lists. From Softpedia.
Following the huge debacle related to the LinkedIn data breach that came to light last week, Microsoft’s Identity Protection team has decided to ban the usage of common or simple passwords that may be easy to guess or have already appeared in breach lists. Microsoft says it has already activated this feature for regular Microsoft Account users and is holding a limited private preview for Microsoft Azure Active Directory services.
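The check described above (rejecting passwords that are common or already appear in breach lists) can be illustrated with a small screening routine. This is an added example, not code from the Softpedia article or from Microsoft's Identity Protection team; the banned list below is constructed, and the normalization rules (case folding, stripping trailing digits and punctuation, undoing a few digit-for-letter substitutions) are an assumption about how such a screen catches trivial variants of a banned word, not a description of Microsoft's implementation.

```python
"""
Added example: screen a candidate password against a breach/common-password
list, with light normalization so trivial variants of a banned entry are
also rejected. Not Microsoft's code; list and rules are constructed.
"""
import hashlib
import re
from typing import FrozenSet, Tuple

# Constructed sample of a banned list. A real deployment would load this from
# a common-password corpus or a breach dump; storing only hashes means the
# plaintext list never has to sit on disk or in memory in the clear.
_CONSTRUCTED_BANNED = ["password", "linkedin", "qwerty123", "letmein", "welcome"]

# Assumed substitution rules: undo the usual digit/symbol-for-letter tricks.
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "$": "s", "@": "a"})


def _normalize(pw: str) -> str:
    """Fold the common ways users dress up a banned base word."""
    s = pw.lower()
    # "Password2016!" -> "password": drop trailing digits/punctuation first.
    s = re.sub(r"[\d\W_]+$", "", s)
    # "p4ssw0rd" -> "password".
    return s.translate(_LEET)


def _h(s: str) -> str:
    return hashlib.sha256(s.encode("utf-8")).hexdigest()


# Entries are normalized before hashing so lookups compare like with like.
BANNED_HASHES: FrozenSet[str] = frozenset(_h(_normalize(p)) for p in _CONSTRUCTED_BANNED)


def is_banned(candidate: str, banned_hashes: FrozenSet[str] = BANNED_HASHES) -> bool:
    """True if the candidate, after normalization, matches a banned entry."""
    return _h(_normalize(candidate)) in banned_hashes


def check_password(candidate: str, min_len: int = 8) -> Tuple[bool, str]:
    """Return (accepted, reason). The breach-list screen sits beside a length floor."""
    if len(candidate) < min_len:
        return False, "too short"
    if is_banned(candidate):
        return False, "appears in common/breached password list"
    return True, "ok"


if __name__ == "__main__":
    for pw in ["P@ssw0rd!", "LinkedIn2012", "correct horse battery staple"]:
        print(pw, "->", check_password(pw))
```

The point of normalizing before the lookup is that an exact-match denylist is easily sidestepped by appending a year or swapping a letter for a digit; the variants people actually produce are the ones a screen has to catch.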
- Here’s how the US military is beating hackers at their own game. From Tech Insider. There’s an unseen world war that has been fought for years with no clear battle lines, few rules of engagement, and no end in sight. But it’s not a shooting war; not a war where combatants have been killed or wounded — at least not yet. It’s a war that pits nations against each other for dominance in cyberspace, and the United States, like other nations employing professional hackers as “cyber soldiers,” sees it as a battlefield just like any other.
- Customs invests $1.4M to beef up cybersecurity. From Manila Bulletin. The Bureau of Customs has invested $1.4 million in a comprehensive cybersecurity program that will protect the government’s second largest tax agency from cybercriminal activities. Customs Commissioner Alberto D. Lina said they partnered with Microsoft Philippines to implement reforms in the agency’s information and communications technology and establish the highest data integrity assurance levels. Lina said Customs is the first government agency to implement a comprehensive cybersecurity program in less than a year. Earlier, several government institutions, including the Commission on Elections in the controversial “comeleak,” were targeted by cybercriminals in attacks that drastically affected public trust.
- Cyber-crooks meet their match with Israeli-developed GPS protector. From Times Of Israel. Far more than a tool for Waze users to figure out the best routes to their destinations, the Global Positioning System is used in a wide variety of endeavors and industries. Among them, to name a few, are agriculture, to help farmers determine the ideal spots to plant crops; shipping, to guide ships across the ocean; retail sales, to help companies keep track of their products; aviation, to ensure that planes are able to get to their destination; and defense, to position systems to ensure response to attack.
- ‘Dark Territory: The Secret History of Cyber War’: The worldwide war of keystrokes. From Pittsburgh Post-Gazette. You’ve heard the complaining, from the White House on down, about the cyberattacks on our country. Well, yes, you guessed it: We started it. That’s one of the central thrusts of Fred Kaplan’s “Dark Territory: The Secret History of Cyber War.” Because it pioneered computing, the U.S. intelligence agencies enjoyed decades of dominance over rivals, and even learned how to remotely wreak havoc on, say, the Iranian nuclear program. But because nearly everything in our country is networked, we’re uniquely vulnerable now that the rest of the world has caught up.
- Student who hacked into a public transport network and got $18 in free trips is found guilty of fraud after he contacted authorities to warn them about the system’s flaws. From Daily Mail. A student who hacked into a public transport system to show it had flaws has been found guilty of fraud after he and a co-accused got $18 worth of free trips. Jack Carruthers, a student at Perth’s Murdoch University, hacked into the city’s SmartRider transport travel card and later owned up to TransPerth, alerting them to the issues with the system. However, he ended up being charged for his actions after the Public Transport Authority (PTA) noticed what had happened, and was eventually found guilty.
- Charles Schwab data breach exposed client investment data. From SC Magazine. Charles Schwab informed some of its customers on May 4 that the company had noticed unusual login activity on their account, possibly due to an unauthorized person having obtained their account username and password. In a letter posted on the California Attorney General Office website, the company said the unusual activity began on or after March 25 and that the account sign-on credentials were likely taken from a non-Schwab source and then successfully used to access the customer’s account, possibly exposing the client’s names, account numbers, stock positions and transaction history.
- Prince of Persia: Infy Malware Active In Decade of Targeted Attacks. From Palo Alto Networks. Attack campaigns that have very limited scope often remain hidden for years. If only a few malware samples are deployed, it’s less likely that security industry researchers will identify and connect them together. In May 2015, Palo Alto Networks WildFire detected two e-mails carrying malicious documents from a genuine and compromised Israeli Gmail account, sent to an Israeli industrial organization. One e-mail carried a Microsoft PowerPoint file named “thanks.pps” (VirusTotal), the other a Microsoft Word document named “request.docx”.
- Romanian hacker Guccifer: I breached Clinton server, ‘it was easy’. From Fox News. The infamous Romanian hacker known as “Guccifer,” speaking exclusively with Fox News, claimed he easily – and repeatedly – breached former Secretary of State Hillary Clinton’s personal email server in early 2013. “For me, it was easy … easy for me, for everybody,” Marcel Lehel Lazar, who goes by the moniker “Guccifer,” told Fox News from a Virginia jail where he is being held.
- Why malware authors keep using the same old Microsoft Office exploits. From SophosLabs. SophosLabs Principal Malware Researcher Gabor Szappanos has closely studied Microsoft Office exploits for the past few years. We’ve previously covered his investigation of the Microsoft Word Intruder exploit creation kit, and his recent paper exploring the most popular Office exploit kits.
- A 10-year-old hacked Instagram so Facebook gave him $10,000. From Mashable. Before he even reached the age requirement to make a Facebook account, a 10-year-old found a major flaw in Instagram, earning him a cool $10,000 from Facebook. Jani (his parents withheld his last name) figured out a way to get into Instagram’s servers and delete text posted by Instagram users, Finnish news site Iltalehti reported.
- Big data breaches found at major email services – expert. From Reuters. Hundreds of millions of hacked user names and passwords for email accounts and other websites are being traded in Russia’s criminal underworld, a security expert told Reuters. The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security.
- A four-step plan to prevent ransomware attacks. From The Advisory Board. Ransomware attacks encrypt your files and demand ransom for the decryption key. In some cases, hospitals have paid thousands of dollars to regain access to their data. To protect your data, Advisory Board experts recommend four common-sense steps.
- Critical flaws in ImageMagick library expose websites to hacking. From CIO.com. A tool used by millions of websites to process images has several critical vulnerabilities that could allow attackers to compromise Web servers. To make things worse, there’s no official patch yet and exploits are already available. The vulnerabilities were discovered by Nikolay Ermishkin from the Mail.Ru security team and were reported to the ImageMagick developers who attempted a fix in version 6.9.3-9, released on April 30. However, the fix is incomplete and the vulnerabilities can still be exploited.
- Introduction to Digital Certificates. From Comodo. Digital Certificates are a means by which consumers and businesses can utilise the security applications of Public Key Infrastructure (PKI). PKI comprises the technology that enables secure e-commerce and Internet-based communication. The number of people and businesses online is continuing to increase. As access becomes faster and cheaper, such people will spend even more time connected to the Internet for personal communication and business transactions. The Internet is an open communications network that was not originally designed with security in mind. Criminals have found they can exploit its vulnerabilities for fraudulent gain. If the Internet is to succeed as a business and communications tool, users must be able to communicate securely.