Security Alerts & News
by Tymoteusz A. Góral

#1412 This data-stealing Trojan is the first to also infect you with ransomware
As if stealing your personal data wasn't bad enough, one form of Trojan malware has now become the first of its kind by also infecting victims with ransomware, forcing targets to pay to regain access to their computer as well as compromising their credentials.

Betabot, which steals banking information and passwords, has been around since March 2013. It disables antivirus and malware-scanning software on infected Windows machines before modifying them to steal users' login credentials and financial data.

But now, according to cybersecurity researchers at Invincea, Betabot is "breaking new ground", becoming the first known weaponised password-stealing malware that also infects victims with ransomware in a second stage of attack.
#1411 Report: Smartphone infection rate doubled in first half of 2016
Smartphone infection rates nearly doubled during the first half of this year, from 0.25 percent to 0.49 percent compared to the second half of 2015, according to a report released today by Nokia.

Nokia provides endpoint malware detection services to major mobile carriers and covers 100 million devices around the world, with the exception of China and Russia, said Kevin McNamee, director of the Nokia Threat Intelligence Lab.

Android is the most targeted device, accounting for 74 percent of the infections.

iPhones accounted for 4 percent and Windows phones did not show up in the statistics, due to their low market share and low infection rates.

The remaining 22 percent of infections were laptops and personal computers connecting via tethered smartphones or WiFi hotspots.

Infection rates varied by month, with a spike in April. Mobile infections hit an all-time high that month, with one out of every 120 smartphones having some form of malware infection, such as ransomware, spyphone applications, SMS Trojans, personal information theft and overly aggressive adware.
#1410 TorrentLocker: Crypto-ransomware still active, using same tactics
In December 2014, ESET released a white paper about TorrentLocker, a crypto-ransomware family spreading via spam email messages that impersonated local postal service, energy or telecom companies. The paper described its distribution scheme, its core functionalities, its network protocol and exposed some similarities with the Hesperbot banking trojan.

During the last few months, we decided to take a look at new samples to check the current state of this malware family. This article summarizes the results of our analysis and compares the 2016 campaigns against our research from late 2014.
#1409 New OSX security updates patch same zero-days as iOS 9.3.5
Late last week, Apple released iOS 9.3.5 to patch three zero-day bugs that could be used to access personal data on an infected phone. Dubbed "Trident," the bugs were used to create spyware called Pegasus that was used to target at least one political dissident in the United Arab Emirates.

Today, Apple has released updates for Safari 9 and OS X El Capitan and Yosemite that collectively patch the three "Trident" bugs in its desktop operating system. It's not clear whether the bugs affect Mavericks or any older versions of OS X, but we've reached out to Apple for comment and will update the article if we receive a response.
#1408 New cloud attack takes full control of virtual machines with little effort
The world has seen the most unsettling attack yet resulting from the so-called Rowhammer exploit, which flips individual bits in computer memory. It's a technique that's so surgical and controlled that it allows one machine to effectively steal the cryptographic keys of another machine hosted in the same cloud environment.

Until now, Rowhammer has been a somewhat clumsy and unpredictable attack tool because it was hard to control exactly where data-corrupting bit flips happened. While previous research demonstrated that it could be used to elevate user privileges and break security sandboxes, most people studying Rowhammer said there was little immediate danger of it being exploited maliciously to hijack the security of computers that use vulnerable chips. The odds of crucial data being stored in a susceptible memory location made such hacks largely a matter of chance that was stacked against the attacker. In effect, Rowhammer was more a glitch than an exploit.
#1407 “Foghorn” takes users out of phish-fighting with DNS “greylisting”
Clickers gonna click. Despite mandatory corporate training, general security awareness, and constant harping about the risks of clicking on unverified links in e-mails and other documents, people have been, are now, and forever will click links where exploit kits and malware lurk. It's simply too easy with the slightest amount of targeted work to convince users to click.

Eric Rand and Nik Labelle believe they have an answer to this problem—an answer that could potentially derail not just phishing attacks but other manner of malware as well. Instead of relying on the intelligence of users, Rand and Labelle have been working on software that takes humans completely out of the loop in phishing defense by giving clicks on previously unseen domains a time out, "greylisting" them for 24 hours by default. The software, a project called Foghorn, does this by intercepting requests made to the Domain Name Service (DNS).