We all fall victim to the dangerous belief that if an app or extension is listed in an official repository - be it the App Store, Google Play, the Microsoft Store, Mozilla's Add-Ons directory or so on - it must be legitimate. After all, the big tech companies surely use a lot of automated systems (and real human beings) to ensure that their customers aren't downloading harmful things. Right?
Tagged With malware
Here we go again. Radware's threat research group recently announced that more than 40,000 Facebook users were duped into downloading a "Relieve Stress Paint" application, via a crafty phishing email, that stole their login credentials and browser cookies while they pretend-painted in the app. Worse, the attack was clever enough to avoid being flagged by a typical antivirus app.
Nobody likes an operating system that's full of unnecessary stray files, 20 annoying apps that start up when you fire up your computer, and other crap that slows down your system, makes your desktop feel disorganized, or gives you a headache whenever you're trying to work (or game). Thankfully, there are a number of free apps that can help you clean your Windows PC.
The disclosure of the Meltdown and Spectre computer vulnerabilities on January 2, 2018 was in many ways unprecedented. It shocked – and scared – even the experts. The vulnerabilities bypass traditional security measures in the computer and affect billions of devices, from mobile phones to massive cloud servers.
We have, unfortunately, grown used to attacks on computer systems that exploit the inevitable flaws resulting from vast conceptual complexity. Our computer systems are the most complex artefacts humans have ever built, and the growth of complexity has far outstripped our ability to manage it.
Most internet users wouldn't want to share their browsing history with the rest of the world. (It's one of the reasons incognito mode is so popular.) This is especially true of people who look at questionable online material. So what would you be willing to pay if someone had a secret recording of you watching porn, taken on your webcam?
Security researchers revealed disastrous flaws in processors manufactured by Intel and other companies this week. The vulnerabilities, which were discovered by Google's Project Zero and nicknamed Meltdown and Spectre, can cause data to leak from kernel memory -- which is really not ideal since the kernel is central to operating systems and handles a bunch of sensitive processes.
There have been plenty of stories recently about websites, often connected to content piracy and other dodgy activities, running background software that harnesses your computer's resources to mine cryptocurrency while you're on their site. But, once you close the browser window, the CPU thieves lose access to your processor and associated resources. Malwarebytes has found that some have resorted to a clever trick to keep mining for cryptocurrency even when you've closed the offending browser window.
Threat actors, Group 74, have targeted people attending the Cyber Conflict US Conference being held in Washington next month. They have distributed a flyer that delivers a VBA payload. Cleverly, the bad guys copied the text from the real flyer from the conference website and used that to craft their attack. While this isn't a new technique it's interesting that they are specifically focussing on security experts, presumably as a way of boosting their credibility in the hacker community.
Most security reports are pretty dull. They tell the same story. The bad guys can get into almost any system, spend weeks or months there, exfiltrate data and generally run amok. They use social engineering attacks or exploit vulnerabilities to find their way into networks. But the Carbon Black report, released today, focusses on something else - the malware marketplace.
File-sharing websites are not exactly known for their sterling reputation, though a few, such as famed torrent site the Pirate Bay, have been around for long enough, while generally avoiding shady behaviour, that they have acquired a certain cachet with the internet community.
Famed white hat hacker Marcus Hutchins -- better known as "MalwareTech" -- was arrested by the FBI yesterday while trying to fly home to the United Kingdom from Las Vegas. The 22-year-old security researcher gained mainstream fame earlier this year as the guy who stopped the destructive WannaCry ransomware from spreading, and had been partying with friends near the Black Hat and Defcon hacker conferences before his arrest. Now, he faces serious federal charges for allegedly creating the Kronos banking trojan. But he's supposed to be the good guy!
Following the WannaCry and Petya/GoldenEye/NotPetya ransomware events, you'd think software companies would be quick to remove the need for SMB 1. This was the protocol exploited by the malware developers that allowed those attacks to spread so quickly. Microsoft has released a list of developers still demanding SMB 1 support.