Recent Posts

By Pierluigi Paganini, April 24, 2018

The peculiarity of the Bandios malware is the fact that it is in rapid and constant evolution and development.

Experts observed several versions of the malware stored on the same websites; they represent the evolution of the malicious code, which is continuously updated by the authors. ZLab researchers analyzed all these samples and noticed that they have the same behavior. The most recently compiled, and thus the most recent, is the sample hosted on the “/OnlineInstaller.exe” path, with the hash “3f11ea10cb7dc4ed8e22de64e9218b1c481beb8b6f4bf0c1ba6b021e9e3f6f72”.

full article here:
By Help Net Security, April 24, 2018

A new study of the UK cyber risk insurance and broker community reveals startling findings. First and foremost, the insurance industry needs to address non-affirmative cyber in a meaningful way. Second, measurement of cyber risk in financial terms is highly deficient among insurance customers and the insurance industry itself.

More than three-quarters (77 per cent) of UK cyber risk insurance brokers and insurers believed that the insurance industry needs to urgently address non-affirmative cyber or ‘silent cyber’ in a deeper, more meaningful way. Silent cyber refers to instances where cyber perils (such as service interruption or data breach) are neither explicitly included, nor explicitly excluded, by an insurance policy’s wording. There was also a recognition that this problem could not be resolved swiftly, according to 22 per cent of respondents.

full article here:
By Zeljka Zorz, Managing Editor, April 24, 2018

A group of researchers has devised a self-learning system for detecting compromised IoT devices that does not require prior knowledge about device types or labeled training data to operate.

“We propose a novel approach that combines automated device-type identification and subsequent device-type-specific anomaly detection by making use of machine learning techniques. Using this approach, we demonstrate that we can effectively and quickly detect compromised IoT devices with few false alarms, which is an important consideration for deployability and usability of any anomaly detection approach,” the researchers noted.

full article here:
By Krebs

MEDantex, a Kansas-based company that provides medical transcription services for hospitals, clinics and private physicians, took down its customer Web portal last week after being notified by KrebsOnSecurity that it was leaking sensitive patient medical records — apparently for thousands of physicians.

On Friday, KrebsOnSecurity learned that the portion of MEDantex’s site which was supposed to be a password-protected portal physicians could use to upload audio-recorded notes about their patients was instead completely open to the Internet.

Krebs On Security:

By Kieren McCarthy in San Francisco, 24 Apr 2018 at 19:09

The Disaster Formerly Known as Yahoo! has been fined $35m by the US financial watchdog, the SEC, for failing to tell anyone about one of the world's largest ever computer security breaches.

Now known as Altaba following its long, slow and painful descent into irrelevance, Yahoo! knew that its entire user database – including billions of usernames, email addresses, phone numbers, birthdates, passwords and security questions – had been grabbed by Russian hackers back in December 2014, just days after the break-in occurred.

full article here:

By Eduard Kovacs on April 24, 2018

Drupal developers announced on Monday that versions 7.x, 8.4.x and 8.5.x of the content management system (CMS) will receive a new security update later this week.

The Drupal core updates, scheduled for April 25 between 16:00 and 18:00 UTC, will deliver a follow-up patch for the highly critical vulnerability tracked as CVE-2018-7600 and dubbed “Drupalgeddon2.”

While Drupal developers have described the upcoming security releases as a follow-up to the updates that fixed Drupalgeddon2, a separate CVE identifier, namely CVE-2018-7602, has been assigned to the new vulnerability.

“For all security updates, the Drupal Security Team urges you to reserve time for core updates at that time because there is some risk that exploits might be developed within hours or days,” Drupal said. “The Security Team or any other party is not able to release any more information about this vulnerability until the announcement is made.”

full article here:

By Ionut Arghire on April 24, 2018

Foxit has addressed over a dozen vulnerabilities in its PDF Reader, a free application that provides users with an alternative to Adobe Acrobat Reader.

Designed for viewing, creating, and editing PDF documents, Foxit PDF Reader is a popular free program that also has a broadly used browser plugin available.

Released on Friday, the latest version of the application addresses an Unsafe DLL Loading security bug reported by Ye Yint Min Thu Htut. The issue is created because the app “passes an insufficiently qualified path in loading an external library when a user launches the application,” the researcher explains.

full article here:

By Ionut Arghire on April 24, 2018

Air-gapped cryptocurrency wallets are believed to keep the private keys stored in them secure, but an Israeli researcher has demonstrated that attackers can leak the keys from such wallets in a matter of seconds.

In a recently published whitepaper (PDF), Dr. Mordechai Guri from the Ben-Gurion University of the Negev, Israel, explains that managing cryptocurrency wallets offline, in isolated computers, isn’t enough to secure the private keys from theft.

The air-gapped (cold) wallets are software wallets that are managed offline, disconnected from the Web, thus offering increased security compared to hot wallets, which are always online. Because they are physically isolated from the Internet, air-gapped wallets are said to provide the highest level of protection for private keys.

full article here:

By Ionut Arghire on April 24, 2018

A vulnerability in NVIDIA's Tegra chipsets allows for the execution of custom code on locked-down devices, security researcher Kate Temkin reveals.

Dubbed Fusée Gelée, this exploit leverages a coldboot vulnerability through which an attacker could achieve full, unauthenticated arbitrary code execution from an early bootROM context via Tegra Recovery Mode (RCM), the security researcher says.

The code is executed on the Boot and Power Management Processor (BPMP) before any lock-outs take effect, which results in the compromise of the entire root-of-trust for each processor, while also allowing for the exfiltration of secrets.

In a technical report (PDF) detailing the flaw, Temkin notes that the issue is that an attacker can control the length of a copy operation in the USB software stack inside the boot instruction rom (IROM/bootROM). Thus, through a specially crafted USB control request, the contents of an attacker-controlled buffer can be copied over the active execution stack, gaining control of BPMP.

full article here:

By Tara Seals

The Ukrainian Energy Ministry has been hit by a ransomware attack – and for once it looks like this is the work of amateurs, not nation-state attackers bent on making a geopolitical point. However, the bad actors appear to have made use of the recently patched Drupal vulnerability, pointing out yet again that patch management needs to be a top security-posture priority for government and critical infrastructure organizations.

Sophisticated APT attackers have repeatedly targeted Ukrainian government networks and critical infrastructure in recent years, and most researchers have pointed the attribution finger squarely towards APTs such as BlackEnergy and the threat actors behind the Bad Rabbit and Petya/ExPetr malware. However, in this case, the attack seems to be financially motivated.

full article here: