Showing posts with label malware. Show all posts

Wednesday, December 9, 2015

FireEye Finds Complex Malware FIN1 Created in Russia - http://clapway.com/2015/12/09/fireeye-finds-complex-malware-fin1-created-in-russia123/

A US-based cyber security firm called FireEye has discovered a kind of malware that is designed to steal payment card data, and it is very hard to detect and remove. The group behind the malware has been nicknamed FIN1, and they’re suspected to be based in Russia.


FireEye - Complex Malware


FIN1’s Main Targets Are Financial Institutions


Credit and debit card data is among the most sought-after pieces of information about any individual. Protection of this data has improved in recent years, but cyber attacks have grown more clever. Giant companies like Target and Home Depot have suffered data breaches that compromised client information, and some payment processors have also been targeted.


The malware includes bootkit functionality, which lets it evade antivirus software. Finding it requires raw disk access, and once it has taken hold it is almost impossible to remove. System administrators would have to wipe the devices completely clean of all data and then reload the operating system.


One Up for the Russians


No solution has yet been found for this kind of malware. Cyber security threats have been widespread in 2015, and it’s possible that they get even stronger as more businesses and enterprises move to cloud systems, which may be safer physically but less so digitally.


But cyber security firms are stepping up to the plate to fight back. Hopefully even entire governments will turn to reliable cyber security firms to strengthen all platforms so that they’re not vulnerable to threats. Attacks are possible from all directions, both remotely and internationally, and individual people as well as entire organizations must remain safe from all threats. Firms like FireEye have become increasingly prominent, and hopefully firms like these will become stronger to fight back against threats to persons and enterprises.




Wednesday, August 5, 2015

If #MacOS is in it with #malware, what exactly is the point? - http://clapway.com/2015/08/05/who-says-mac-os-is-malware-free-how-hackers-are-exploiting-macbooks-through-serious-flaw-353/

If you ask most casual Mac OS X users why they made the switch from Windows to Apple’s OS X, an overwhelming number of them will talk about ease of use and the lack of malware. For many Apple fans, the sense of security that Mac OS provides is more than enough to justify the premium associated with Apple products.


On Monday, security researchers at Malwarebytes stumbled across an installer that is capable of exploiting systems without the need for a system password.


What’s the Skinny?


In a recent update to OS X — affecting 10.10.4 and 10.10.5 versions of OS X — developers overlooked standard safeguards which have allowed hackers to view and create files with root privileges. This severe exploit has allowed hackers to infect Macs with adware and junkware through malicious installers without needing the user’s password to gain root access to the system.


In a recent blog post Malwarebytes goes into deeper technical detail about how hackers are able to exploit the flaw.


Users Running 10.11 Are Golden


Stefan Esser, a security researcher at Malwarebytes, has said that the flaw is currently present in 10.10.4 and possibly in some versions of 10.10.5 of OS X. Esser said on Twitter that the exploit is apparently fixed in the 10.10.5 beta “2”. Users currently running 10.11 have nothing to worry about since researchers are unable to reproduce the bug while running this version of OS X.


Wait for the Patch


The fix in the 10.10.5 beta and the absence of the bug in 10.11 is a good sign that Apple is currently hard at work trying to patch the flaw for users across the board. Unfortunately, for systems still running 10.10.4, there is no real fix available at the moment. Esser has produced a third-party patch, but says that this could also potentially be a problem since it isn’t made by Apple.


So, for users currently at risk, browsing the internet is potentially dangerous. Esser’s patch can be found here, but Apple advises against installing any type of third-party patches, and suggests users just hang tight until they can get an official patch out soon.



 



Wednesday, July 29, 2015

Russian Hackers Use Hammertoss to Hack U.S. Government Computers via Twitter and Github - http://clapway.com/2015/07/29/russian-hackers-use-hammertoss-to-hack-u-s-government-computers-via-twitter-and-github-535/

Russian hackers have infiltrated U.S. government and high-profile corporate computers using a very stealthy and highly effective malware program dubbed Hammertoss.


The Rise of Malware


Malware seems to be dominating news headlines almost weekly at this point. We reported just yesterday that a security firm found a severe flaw in the Android mobile operating system that has already affected almost a billion devices.


Hammertoss, however, is dangerous malware that’s in a league all its own. FireEye, the security company that found the malware, reports that it is able to hide in multiple network traffic streams by disguising itself and blending in with normal traffic.


APT29 Could Be Sponsored by the Russian Government


There are plenty of APT (advanced persistent threat) groups, but FireEye believes the group that created Hammertoss is sophisticated, disciplined, and may be sponsored by the Russian government.


FireEye calls this group APT29 because it is the 29th state-sponsored group on FireEye’s watch list. APT29 is believed to be Russian not only because of the targets of the attacks but also because the timing of the attacks matches the Moscow time zone and the Russian holiday schedule.


“While other groups try to cover their tracks, very few groups show the same discipline to thwart investigators and the ability to adapt to network defenders’ countermeasures,” said FireEye.


Hammertoss Uses an Impressive Array of Tricks and Sophistication


While FireEye admits Hammertoss isn’t using any new techniques, the company says they’ve never seen malware operate with so many tricks and at such a sophisticated level.


“We really think Hammertoss exemplifies the way [state-sponsored] actors are moving in a way that more easily evades and avoids traditional defenses,” said Jordan Berry, a researcher at FireEye.


Hammertoss uses Twitter, Github, and other cloud-based services to help conceal itself under additional layers in an attempt to blend in with normal traffic. Through Twitter and Github, Hammertoss inserts itself as a backdoor so that it can “relay commands and extract data from compromised networks.”


Once the malware takes root on a computer, it begins to blend in by operating like a user typically would, another step to further avoid detection. Part of this process is checking Twitter for instructions via specific Twitter handles that will tell the software what to do next.


When instructions are retrieved the software then checks Github to look at specific images. To most people, these images wouldn’t look any different from any other, but they have more instructions for the software embedded in the image’s code.


Once the process is complete, Hammertoss then starts stealing data from the infected computer, transferring it to the cloud in order to be retrieved by the hackers.
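The three-step sequence described above (Twitter handle lookup, GitHub image fetch, bulk upload to cloud storage) is something a defender can hunt for in proxy logs. The following is an added example, not code from FireEye or from the original post: it runs a simple stage-ordering heuristic over a constructed log; the log format, the 30-minute window, the upload-size threshold and the `storage.example.net` host are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log (not real traffic): "timestamp host method url bytes_out"
SAMPLE_LOG = """\
2015-07-28T09:02:11 ws-17 GET https://twitter.com/1abBob52b 512
2015-07-28T09:02:40 ws-17 GET https://github.com/someuser/photos/raw/master/img_0412.jpg 980
2015-07-28T09:05:03 ws-17 PUT https://storage.example.net/upload/pk9 1849304
2015-07-28T10:15:00 ws-04 GET https://twitter.com/realnews 2400
2015-07-28T10:16:30 ws-04 GET https://github.com/org/repo/blob/master/README.md 5100
2015-07-28T11:00:00 ws-09 GET https://github.com/org/pics/raw/master/cat.png 70000
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d+)$")
STAGES = ["twitter_handle", "github_image", "cloud_upload"]
WINDOW = timedelta(minutes=30)      # assumed: the three steps happen close together
MIN_UPLOAD_BYTES = 100_000          # assumed: exfiltration uploads are bulky

def classify(method, url, bytes_out):
    """Map one request to a Hammertoss-style stage, or None if it matches none."""
    if method == "GET" and re.fullmatch(r"https://twitter\.com/[A-Za-z0-9_]+", url):
        return "twitter_handle"
    if method == "GET" and re.fullmatch(r"https://github\.com/.+\.(?:jpe?g|png|gif)", url, re.I):
        return "github_image"
    if method in ("POST", "PUT") and bytes_out >= MIN_UPLOAD_BYTES \
            and not re.match(r"https://(?:twitter|github)\.com/", url):
        return "cloud_upload"
    return None

def find_chains(log_text):
    """Return {host: [(t_handle, t_image, t_upload), ...]} for hosts that hit all stages in order within WINDOW."""
    progress = defaultdict(list)   # host -> timestamps of stages reached so far
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # skip lines that do not fit the log format
        ts, host = datetime.fromisoformat(m.group(1)), m.group(2)
        stage = classify(m.group(3), m.group(4), int(m.group(5)))
        chain = progress[host]
        if stage == STAGES[0]:
            chain[:] = [ts]         # a handle lookup always starts a fresh chain
        elif chain and stage == STAGES[len(chain)] and ts - chain[0] <= WINDOW:
            chain.append(ts)
        if len(chain) == len(STAGES):
            alerts[host].append(tuple(chain))
            chain.clear()
    return dict(alerts)
```

Only `ws-17` completes the full chain in the sample; `ws-04` looks up a handle but then fetches a README rather than an image, and `ws-09` fetches an image with no preceding handle lookup, so neither is flagged.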


FireEye refused to acknowledge which companies have been affected by Hammertoss.



 

