Attackers are not through testing the limits of what they can do with new features in ransomware samples. That latest found in the wild is called PowerWare and it was discovered a week ago targeting a company in the healthcare industry, researchers at Carbon Black told Threatpost.
System Integrity Protection (SIP) was implemented in OS X El Capitan and imposes limitations on what actions that Mac computers’ root accounts can take against protected paths of the operating system. Yesterday at the SysCan360 conference in Singapore, a researcher from SentinelOne disclosed details of a vulnerability that was patched by Apple this week only in El Capitan that if exploited bypasses SIP.
Researchers have discovered highly stealthy malware that can infect computers not connected to the Internet and leaves no evidence on the computers it compromises.
USB Thief gets its name because it spreads on USB thumb and hard drives and steals huge volumes of data once it has taken hold. Unlike previously discovered USB-born malware, it uses a series of novel techniques to bind itself to its host drive to ensure it can't easily be copied and analyzed. It uses a multi-staged encryption scheme that derives its key from the device ID of the USB drive. A chain of loader files also contains a list of file names that are unique to every instance of the malware. Some of the file names are based on the precise file content and the time the file was created. As a result, the malware won't execute if the files are moved to a drive other than the one chosen by the original developers.