IT News, Solutions and Support

Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: malware (page 1 of 2)

Hack Brief: Malware Hits 225,000 (Jailbroken, Mostly Chinese) iPhones

Hack Brief: Malware Hits 225,000 (Jailbroken, Mostly Chinese) iPhones

The KeyRaider attack represents “the largest known Apple account theft caused by malware.”

The post Hack Brief: Malware Hits 225,000 (Jailbroken, Mostly Chinese) iPhones appeared first on WIRED.

Researchers Create First Firmware Worm That Attacks Macs

Researchers Create First Firmware Worm That Attacks Macs

The common wisdom is that Apple computers are more secure than PCs. It turns out this isn’t true.

The post Researchers Create First Firmware Worm That Attacks Macs appeared first on WIRED.

Ransomware decryptor | Kaspersky Lab

RANSOMWARE DECRYPTOR

Are you a ransomware victim? The National High Tech Crime Unit (NHTCU) of the Netherlands’ police, the Netherlands’ National Prosecutors Office and Kaspersky Lab have been working together to fight the CoinVault ransomware campaign. During our joint investigation we have been able to obtain data that can help you to decrypt the files being held hostage on your PC. We provide both decryption keys and the decryption application. For more information please see this how-to. Please note that this is an ongoing investigation and new keys will be added in the future.

logo_green

via Ransomware decryptor | Kaspersky Lab.

Email Spoofing: Explained (and How to Protect Yourself)

Jason P. Stadtlander Headshot, Huffington Post

Recently a co-worker asked me “Why do people even bother to spoof my email address?”

First, for those of you joining me that have no idea what the term spoofing means – let us examine that.

Spoofing is defined as:

/spo͞of/
verb
1. imitate (something) while exaggerating its characteristic features for comic effect.
2. hoax or trick (someone).

Origin: late 19th century English comedian Arthur Roberts.

In the context of computers, to spoof one’s email address means that the sender is acting as if the email is coming from someone it is not.

How someone (or something) sends an email made to look like it comes from somewhere or somewhere it does not, is a little more technical to explain. So, if you don’t like tech talk, then skip to the next section “Why is my email address being spoofed?”

How are they spoofing me?

Spoofing email addresses is rather easy. All a person needs to spoof an email address is an SMTP (Simple Mail Transfer Protocol) server (a server that can send email) and the appropriate email software. Most website hosting services will even provide an SMTP server in their hosting package. It is also possible to send email from your own computer if you load an SMTP server on it, however most ISPs will block port 25 (which is required to send out email).

Many of the available free SMTP servers will allow you to show a different “from” address than the actual registered domain that the email is transmitting from. However, to the recipient of said message, they will see that it actually came from the address you specified.

Now, there are special checks in place (and more being put into place) to prevent exactly this problem. One is called SPF or “Sender Policy Framework” which was developed by Meng Weng Wong in 2003. Basically, each time an email is sent, the receiving server compares the IP of the origin with the IP listed in the SPF record with the appropriate domain.

EXAMPLE 1: So, for example, let’s say someone tried to spoof Bill Gates (billgates@microsoft.com):
They would send an email on his behalf > the recipient server would then talk back to microsoft.com and say “Hey, I have an email that is coming from 123.123.123.123 stating that it was sent from billgates@microsoft.com.” > microsoft.com would then tell the recipient server, “No, sorry, it should be coming from 111.111.111.111.” and the message would never get delivered.

Why is my email address being spoofed?

Two basic reasons people (and machines) spoof:

1. Malicious: To cause useless internet traffic – ultimately hoping to bog down servers or bring them to a halt.

2. Because you were unlucky enough to have clicked the wrong thing at the wrong time.

Continue reading Email Spoofing: Explained on Huffington Post The Blog

Email Spoofing: Explained (and How to Protect Yourself) | Jason P. Stadtlander

Microsoft releases 14 patches for Windows

bug-162019

Microsoft released patches for 14 vulnerabilities in its Windows operating system, Office and Internet Explorer software on Tuesday, including four it deemed critical, it’s highest severity rating.

All four of the critical bugs could allow attackers to remotely execute programs on a targeted system, something that in the past has allowed hackers to steal personal information such as passwords or take over machines for the purpose of sending spam.

The patches were released as part of the company’s monthly “patch Tuesdaysecurity update for its major software products. The company had originally planned to deliver 16 updates Tuesday, but two are marked as yet to appear. They include one that was expected to carry a critical rating.

At 14, the number of patches is a monthly record for 2013 and 2014.

They include a problem with Windows Object Linking and Embedding that could allow remote code execution if the user visits a website containing malicious code. If the user is logged in as the administrator, the attacker could gain the ability to install programs and change and delete data. A related patch for Internet Explorer fixes the vulnerability with malicious websites and 16 other problems with the software, said Microsoft.

A security update for the Microsoft Secure Channel software in Windows fixes a problem that leaves Windows Server vulnerable to attack from specially crafted packets. The fourth critical patch fixes a hole in Windows that allows attackers to invoke Microsoft XML Core Services from a malicious website and then remotely execute code on a target system.

A further seven patches are marked as important—the second highest rank.

One vulnerability in Microsoft Office allows for remote execution of code, four additional problems allow attackers to assign themselves higher privileges and two allow bypass of certain security features in Windows.

via Microsoft releases 14 patches for Windows security problems | PCWorld.

Microsoft Patch Tuesday tackles three critical vulnerabilities, including ‘Sandworm’ | PCWorld

After a relatively quiet few months, Microsoft Patch Tuesday is back in full force, covering three zero-day vulnerabilities that administrators should attend to as quickly as possible.

Microsoft issued eight security bulletins Tuesday, covering a total of 24 vulnerabilities found in Windows, Internet Explorer, Office and the .Net framework. Three of the bulletins are marked as critical, which means administrators should test and apply these patches immediately. A single bulletin can cover multiple vulnerabilities within one technology.

Three of these vulnerabilities are already being exploited by malicious attackers, hence they are being called zero-day vulnerabilities. This is the first time in recent history—and perhaps ever—that Microsoft has fixed three zero-day vulnerabilities in a single round of patches, which Microsoft typically issues on the second Tuesday of each month.

“Sandworm” is the most notorious of the three and is a vulnerability in Microsoft Windows that has already been used in attacks on NATO and a number of European government agencies, telecommunication firms and energy companies, according to cyberthreat intelligence firm iSight. Microsoft Bulletin MS14-060 fixes this bug.

“This is an urgent one to fix,” said Wolfgang Kandek, chief technology officer for IT security firm Qualys.

Microsoft marked MS14-060 as important rather than critical because for the attack to work, it would require a user to click on a file. Qualys ranks this vulnerability as more severe in that it is pretty easy to trick a single person into clicking on a file, such as a PowerPoint presentation, which would be all that would be required for an attacker to gain access to an internal network with a well-crafted script, Kandek said.

Sandworm is a good reminder for administrators to make sure that they set the user permissions correctly on desktop and laptop computers, meaning not to give an end user full administrative privileges on the machine, Kandek said.

Internet Explorer gets patched, too

The second zero-day flaw addresses a problem in Internet Explorer and the fix is found in MS14-056. This vulnerability “could allow an attacker to break out of the sandboxing capabilities in Internet Explorer,” said Amol Sarwate, director of vulnerability research at Qualys.

The third zero-day, addressed in MS14-058, also comes from a flaw within Windows, namely from the way the operating system kernel drivers handle TrueType fonts. An attacker could embed some malicious code within a TrueType font. When a user visits a site with these ill fonts, Windows will download the font package and automatically execute the code buried within.

Beyond Microsoft’s patches, administrators will also have a busy week with patches from Adobe and Oracle, Kandek said.

On Tuesday, Adobe released a set of patches for its Flash multimedia player. Oracle is also releasing a wide range of patches for its enterprise software. In particular, administrators should take a look at the Java patches, Kandek advised.

via Microsoft Patch Tuesday tackles three critical vulnerabilities, including ‘Sandworm’ | PCWorld.

5 Million Gmail Passwords Leaked, Check Yours Now

5 Million Gmail Passwords Leaked, Check Yours Now.

5 Million Gmail Passwords Leaked, Check Yours Now

According to the Daily Dot, nearly 5 million usernames and passwords to Gmail accounts have been leaked on a Russian Bitcoin forum. Here’s what you should know.

The list has since been taken down, and there’s no evidence that Gmail itself was hacked—just that these passwords have been leaked. Most sources are saying that lots of the information is quite old, so chances are they were leaked long ago—though others are claiming 60% of the passwords are still valid (not to mention really, really horrible).

5 Million Gmail Passwords Leaked, Check Yours Now

To check if your password was one of the leaked, plug your Gmail address into this tool (which also checks against recent Yandex and Mail.ru leaks). If you’re paranoid, you may also want to change your password at this time. As always, make sure you use a strong password and enable two-factor authentication on  your account. Hit the link to read more.

Update: Looks like the IsLeaked tool is having some trouble due to unusually high traffic—if you get an error message, try reloading the page or checking back later.

5 Million Gmail Passwords Leaked to Russian Bitcoin Forum | The Daily Dot

Why Breach Detection Is Your New Must-Have, Cyber Security Tool | TechCrunch

Why Breach Detection Is Your New Must-Have, Cyber Security Tool | TechCrunch.

Cyber attacks are all over the news, and it seems like no one is immune — Home Depot, Target, Adobe and eBay included. So why are CIOs still fighting cyber criminals with one hand tied behind their backs?

Shockingly, most companies are still relying on outdated, only partially effective methods to protect their sensitive data, mainly with technology that focuses on preventing incoming attacks. But actually stopping bad guys from slipping inside enterprise networks and getting their hands on sensitive data is nearly impossible these days. In fact, among organizations with over 5,000 computers, over 90 percent have an active breach of some sort at any given time. What’s worse, those organizations may not even know about it…

…The most concerning part of all this is that very few organizations are now using new breach-detection technologies and can actually discover these ongoing breaches themselves, meaning attacks are even more destructive for their victims. Despite numerous alerts, Target, for example, didn’t detect the recent breach that led to 40 million stolen credit card numbers….Read More

 

 

Healthcare.gov hacked – Botnet malware discovered | PCWorld

Botnet malware discovered on Healthcare.gov server | PCWorld.

Thanks to a poor initial launch followed a few months later by the Heartbleed scare, Healthcare.gov has had its share of security problems. Now, we can add one more security snafu to the list. In early July, a hacker was able to infiltrate a server connected to Healthcare.gov, deposit malware on it, and remain undetected for about a month and a half.

The good news is no personal information was compromised and it appears the malware was never actually used, according to CNN. The compromised server was a test machine that site developers use to try out code before pushing it live on the servers hosting the actual site. The server did not contain any personally sensitive information such as names or Social Security numbers.

The problem was the test server was never supposed to be connected to the Internet and its security was not as robust as other servers on the network.

But Healthcare.gov’s inattentiveness was the anonymous hacker’s gain.

Searching government networks for vulnerable servers, the hacker was able to break-in because the server’s default password had not been changed, according to The Wall Street Journal. Even the U.S. government, it seems, can do with a refresher course every now and then on security .

From the sounds of it, this latest Healthcare.gov intrusion was little more than a close call. The malware itself was designed to add the test server to a botnet, which could then be used to attack other websites with distributed denial-of-service attacks (DDoS). Botnets are also routinely used to distribute spam email.

The hack on Healthcare.gov certainly could’ve been worse—if, for example, hackers were able to use the test server to get into other servers that did contain sensitive information.

Luckily that didn’t happen. What’s most concerning, however, is that it took site operators until August 25 to discover the intrusion. CNN reports that since the malware was not actually operational it was more difficult to discover. Nevertheless, Healthcare.gov clearly needs to audit its systems to make sure something like this doesn’t happen again, especially with the next open enrollment period slated to begin in a few months time on November 15.

healthcare.gov hacked

1000 businesses hit with Target cyberattack

Over 1,000 US businesses hit with the same cyberattack as Target

With cyber attacks happening almost daily these days, when was the last time you changed your password?

So far, only seven of the more than 1000 companies have come forward and acknowledged they were hacked, according to the Secret Service, supposing they are still unaware that they were attacked. So how safe is your data online?

Target’s massive data breach grabbed headlines right in the middle of holiday shopping that year, and the fallout continues. According to a Department of Homeland Security advisory this afternoon, the attacks that hit the red-hued retailer, along with Supervalu and UPS, are much more widespread than first reported. The so-called “Backoff” malware in various versions has actually hit more than 1,000 businesses in the States, allowing hackers to snag info from millions of credit card payments. Remote network access for contractors provides the avenue for entry, and the announcement suggests that companies have vendors take a close look at their systems for possible criminal activity. It’s also calling for businesses to put cash registers on a separate network and employ two-factor authentication to help combat would-be intruders.

[Photo credit: Joe Raedle/Getty Images]

via Over 1,000 US businesses hit with the same cyberattack as Target.

1000 businesses hit with Target cyberattack

Related: Most U.S. Businesses Don’t Know They Were Caught Up In Massive Cyberattack
Older posts