Games Are Targets for Ransomware and Credential Stuffing

Cybersecurity firm Cyren recently discovered Syrk, a free tool that allows players to cheat at video game “Fortnite.” It also learned that Syrk can disable anti-malware software and encrypt batches of user files for ransom. Akamai has reported a significant rise in so-called credential-stuffing attacks, by which criminals use stolen identities in automated attacks to break into accounts. Akamai found 55 billion credential stuffing attacks from November 2017 to the end of March 2019. Gaming sites had 12 billion of these attacks. Continue reading Games Are Targets for Ransomware and Credential Stuffing

Why Adware Is the Most Intrusive Malware on Our Devices

Adware is the flavor of malware that the ordinary person is most likely to encounter on a smartphone or browser. Aimed at generating profits, adware sneaks ads into apps and browsers, with advertisers paying developers based on the number of people who load them. The smartphone is the ideal environment for this version of malware, via apps sold in Apple’s App Store or Google Play Store. Ad malware largely goes unnoticed because its main impact (besides relentlessly serving ads) is to slow down the device. Continue reading Why Adware Is the Most Intrusive Malware on Our Devices

Researchers Identify Bugs in Microsoft Excel, Apple macOS

Threat intelligence firm Mimecast revealed that hackers are exploiting a Microsoft Excel feature called Power Query to facilitate Office 365 attacks. This feature lets legitimate users combine data from various sources by linking to those components in a spreadsheet. Hackers replace a link with another that leads to a site infected with malware. The hacked Excel spreadsheets then allow attackers to install backdoors, using the software program’s own tools. Meanwhile, Apple has yet to fix a macOS bug first identified by a cybersecurity researcher in February. Continue reading Researchers Identify Bugs in Microsoft Excel, Apple macOS

Apple Divides iTunes Features into Music, Podcast, TV Apps

Apple executives announced the end of iTunes at its annual Worldwide Developer Conference (WWDC) this week. But iTunes features will live on in three apps: Apple Music, Apple Podcasts and Apple TV. The iconic iTunes was created 18 years ago as a so-called digital jukebox that allowed users to import and organize music and burn custom mixes. It evolved into a music store, where an enormous variety of songs sold for 99 cents. In 2003, Steve Jobs declared that “people want to buy their music on the Internet by buying downloads.” Continue reading Apple Divides iTunes Features into Music, Podcast, TV Apps

Cyber Threat Alliance’s Early Sharing Aims to Stop Hackers

The nonprofit Cyber Threat Alliance (CTA) has organized its members, which includes some big tech companies such as Cisco, McAfee, Palo Alto Networks and Symantec, to share knowledge about software bugs and hacking threats, to alert their customers and limit the damage. To do so, the companies have decided to put cybersecurity ahead of the competition. Dubbed “early sharing,” the strategy goes into action as government-linked groups in China, Iran, North Korea and Russia run devastating hacking campaigns. Continue reading Cyber Threat Alliance’s Early Sharing Aims to Stop Hackers

Microsoft Warns Windows Bug May Be Abused by Hackers

Facebook, Intel and Microsoft announced bugs in their software this week. Facebook patched WhatsApp to prevent hackers from using it to install spyware on mobile phones. Intel described its efforts to fix a problem with its chipsets that allow attackers to access private data. Now Microsoft warned that it just patched a bug similar to the WannaCry ransomware crypto-worm that attacked computers around the globe in 2017. The company said that, to its knowledge, no one yet had exploited the Windows vulnerability. Continue reading Microsoft Warns Windows Bug May Be Abused by Hackers

Apple’s Tim Cook Asks Bloomberg to Retract China Spy Story

Apple chief executive Tim Cook is the latest and most prominent executive to call on Bloomberg to retract the claim that its technology supply-chain had been corrupted by Chinese surveillance microchips. According to two Bloomberg reports this month, Chinese spies infiltrated the technology supply chain with a surveillance microchip installed by Silicon Valley-based server company Supermicro. Those tiny chips ended up in the data center hardware of as many as 30 companies, including Amazon and Apple, added the report. Continue reading Apple’s Tim Cook Asks Bloomberg to Retract China Spy Story

Government Backs Apple and Amazon Denials of Spy Chips

As we reported last week, Bloomberg published a story claiming that China had secretly installed microchips on motherboards built by Supermicro that were used in data center servers of companies such as Apple and Amazon. In the first official response from the U.S. government, Homeland Security issued a statement indicating that it has “no reason to doubt” the denials issued by Apple, Amazon and Supermicro in the wake of the report. The Homeland Security statement is similar to comments released by the U.K.’s National Cyber Security Centre. Continue reading Government Backs Apple and Amazon Denials of Spy Chips

Justice Department Accuses Russian Spies of Cyberattacks

The Justice Department’s National Security Division claims that seven hackers suspected of working with Russia’s GRU military intelligence unit were part of a conspiracy to hack multiple organizations including the World Anti-Doping Agency, the Democratic National Committee, a nuclear energy company and several media outlets. The Fancy Bear cyber espionage group, also known as Sofacy or APT28, is accused of launching a disinformation campaign leading up to the 2016 U.S. presidential election, and “hacking to obtain non-public, health information about athletes and others in the files of anti-doping agencies in multiple countries.” Continue reading Justice Department Accuses Russian Spies of Cyberattacks

China Reportedly Used Tiny Chips to Hack U.S. Companies

According to a Bloomberg Businessweek cover story today, Chinese spies infiltrated nearly 30 U.S. companies including Amazon and Apple by embedding tiny chips into servers in the technology supply chain. In 2015, malicious microchips were reportedly embedded in servers bound for U.S. companies, which resulted in compromised software used in numerous hardware devices. While the report cites former government officials and “senior insiders” at Apple, both Amazon and Apple — as well as motherboard manufacturer Supermicro and China’s Ministry of Foreign Affairs — have firmly disputed the findings. Continue reading China Reportedly Used Tiny Chips to Hack U.S. Companies

Pirated Software Dips 37 Percent, But Is Still Commonly Used

The Software Alliance (BSA) published “Global Software Survey,” the latest edition of its report on pirated software, which reveals that the use of pirated PC software declined 37 percent in 2017, down from 39 percent two years ago. The report also states that the value of pirated software dropped 8 percent to $46.3 billion worldwide. BSA, which supports Adobe, Microsoft, Symantec and other software companies via legal action and lobbying, said that piracy is still widespread in some countries. Continue reading Pirated Software Dips 37 Percent, But Is Still Commonly Used

FCC’s O’Rielly Asks Amazon, eBay to Remove ‘Rogue’ STBs

FCC commissioner Michael O’Rielly is urging Amazon and eBay to pull listings from their sites for “rogue” set-top boxes that enable consumers to watch pirated TV shows. On Friday, the commissioner sent a letter to Amazon CEO Jeff Bezos and eBay CEO Devin Wenig noting that the STBs in question often falsely feature the FCC logo, and are responsible for encouraging “intellectual property theft and consumer fraud.” O’Rielly recognized that the companies have been working to address the problem, but wrote “despite your good work in this area, devices continue to make it to consumers through your websites.” Continue reading FCC’s O’Rielly Asks Amazon, eBay to Remove ‘Rogue’ STBs

FBI Requests That We Reboot All Routers to Disrupt Malware

According to Cisco’s threat intelligence division Talos, an estimated 500,000 routers in 54 countries have been infected by malware that the FBI and cybersecurity experts refer to as VPNFilter. The Justice Department has warned that routers are already under control of the Sofacy Group, which is reportedly directed by Russia’s military intelligence agency. Devices from Linksys, MikroTik, Netgear, QNAP and TP-Link are believed to be among the affected equipment. The FBI has requested that owners of home and office routers turn them off and turn them back on. Rebooting the routers will disrupt the malware if present. Users are also encouraged to upgrade firmware, disable remote-management settings, and select a new password. Continue reading FBI Requests That We Reboot All Routers to Disrupt Malware

Cisco Warns of Huge Hacked Network Primed for Cyberattacks

Cisco Systems and U.S. and Ukrainian authorities have warned that a network of half a million routers and storage devices has been hacked and is capable of a massive cyberattack. Security researchers said that the attack could take place during soccer’s UEFA Champions League’s final match on Saturday in Kiev. The devices, in 54 countries, are infected with VPNFilter malware that can shut them down, said Cisco security researcher Craig Williams. The U.S. government is working to reclaim control of the infected servers. Continue reading Cisco Warns of Huge Hacked Network Primed for Cyberattacks

Machine Learning Used in Detection of Harmful Android Apps

The Google Play Protect detection service, which scans Android apps for malicious activity, is enabled on more than 2 billion devices and detected 60.3 percent of Potentially Harmful Apps (PHAs) in 2017 using machine learning, according to Google’s Android Security 2017 Year in Review report. Google removed over 700,000 apps for violating its policies last year. While Play Protect uses a variety of tactics, machine learning is highly effective for catching PHAs, detecting things like inappropriate content, impersonation, and malware.

Continue reading Machine Learning Used in Detection of Harmful Android Apps

Page 1 of 41234