On Thursday, Apple rolled out a minor update to iPhone, iPad, and iPod devices. The update, dubbed iOS 9.3.1, brings with it a fix for a software glitch that caused many apps, including Safari and Chrome, to freeze and crash when trying to open a link. The issue was related to Universal Links, a feature Apple first introduced with iOS 9. Many reported that some apps, including Booking.com, were abusing this capability, causing the Universal Link database to overload.
Trend Micro's Password Manager, Maximum Security and Premium Security are all at risk: a bug in its software meant that Trend Micro accidentally left a remote debugging server running on customer machines.
The flaw, discovered by Google's Project Zero researcher Tavis Ormandy, opened the door to command execution on vulnerable systems (those running either Trend Micro Maximum Security, Trend Micro Premium Security or Trend Micro Password Manager).
Kaspersky researchers say Russian and Brazilian cybercriminals are trading tools and techniques to target their respective local victims.
Android.Lockdroid ransomware expands to Asia by targeting Japan first. The malware poses as a system update and locks the device from use.
Cyber criminals have been targeting major law firms in what may have been an attempt to gather data for insider trading deals, according to reports. The Wall Street Journal said that a number of US companies had had their computer systems compromised.
Security researchers at Check Point Software claim to have found a weakness in Apple's mobile device management (MDM) interface for iOS devices that could be exploited to gain complete access to devices. Dubbed "SideStepper," the approach could allow an attacker to hijack enterprise management functions and bypass Apple's application security.
At a court hearing earlier this month, the UK's National Crime Authority (NCA) demanded that Lauri Love, a British computer scientist who allegedly broke into US government networks and caused "millions of dollars in damage," decrypt his laptop and other devices impounded by the NCA in 2013, leading some experts to warn that a decision in the government's favor could set a worrisome precedent for journalists and whistleblowers.
ESET researchers are actively monitoring malware that targets embedded systems such as routers, gateways and wireless access points. Recently, we discovered a bot that combines the capabilities of Tsunami (also known as Kaiten) and Gafgyt. It also provides some improvements as well as a couple of new features. We call this new threat Linux/Remaiten. So far, we have seen three versions of Linux/Remaiten that identify themselves as versions 2.0, 2.1 and 2.2. Based on artifacts found in the code, the authors call this new malware “KTN-Remastered” or “KTN-RM”.
Matt Weinberg and Duane Wessels are scheduled to deliver a talk at DNS-OARC 24 in Buenos Aires where they will present their review of the malicious UDP traffic absorbed by the A- and J-Root servers under VeriSign’s control. In their slides, Weinberg and Wessels identify two domains, 336901[.]com and 916yy[.]com, as the real targets with attacks peaking near five million queries per second for each domain on the A and J root servers. Both domains are registered to individuals in China, according to Whois data. The researchers also speculate that the attacks could have originated from a botnet pushing the BillGates or WebTools malware, both of which are known to generate DNS attacks.
In a company blog post entitled "The Trouble with Tor," CloudFlare CEO Matthew Prince says that 94 percent of the requests the company sees coming across the Tor network are "per se malicious." He explains:
"That doesn’t mean they are visiting controversial content, but instead that they are automated requests designed to harm our customers. A large percentage of the comment spam, vulnerability scanning, ad click fraud, content scraping, and login scanning comes via the Tor network. To give you some sense, based on data from Project Honey Pot, 18% of global email spam, or approximately 6.5 trillion unwanted messages per year, begin with an automated bot harvesting email addresses via the Tor network."
Microsoft is bringing to Windows apps (and even the web) some of the convenience and security of being able to use the same tech it uses to keep enterprise laptops safe. The idea here is to let you use the same technology that powers “Windows Hello” — the login security feature of Windows 10 that supports fingerprint scanners, facial recognition and even iris scanners — to log into other services, as well.
Microsoft today is introducing the Bot Framework, a new tool in preview to help developers build their own chatbots for their applications. There is also a new bot directory full of sample bots — like the BuildBot — that Microsoft is showing off today at the company’s Build developer conference in San Francisco.
Windows 10 Anniversary Update will include the ability to run the popular bash shell from Unix, along with the rest of a typical Unix command-line environment.
The Technology Preview offers several new features that are included in the nightly builds of WebKit but not in the stable version of Safari. It offers "one of the most complete implementations of ECMAScript 6," the latest version of the standard behind JavaScript; the B3 JIT JavaScript compiler, a new compiler designed specifically for JavaScript; a "revamped IndexedDB implementation that is more stable and more standards compliant;" and support for Shadow DOM.
Security researchers have discovered 1,418 vulnerabilities in CareFusion’s Pyxis SupplyStation system – automated cabinets used to dispense medical supplies – that are still being used in the healthcare and public health sectors in the US and around the world.
Coinkite, one of the earliest Web-based Bitcoin wallet services, has announced today plans to discontinue its service and focus on hardware-based Bitcoin products, all because of a barrage of relentless DDoS attacks.
From payments mechanisms to customer services, retailers must find new and interesting ways to keep shoppers happy. Industry experts at the recent RBTE 2016 conference in London revealed seven surprising ways IT-led transformation continues to impact the sector.
It's increasingly apparent that for many, it's no longer an issue of SQL vs. NoSQL. Instead, it's SQL and NoSQL, with both having their own clear places—and increasingly being integrated into each other. Microsoft, Oracle, and Teradata, for example, are now all selling some form of Hadoop integration to connect SQL-based analysis to the world of unstructured big data.
Badly configured software used on thousands of machines can let hackers into X-ray scanners, industrial control systems, doctors' servers storing medical records, and more.
Last week, the notorious hacker and troll Andrew Auernheimer showed just how easy it is to use insecure internet-connected printers to spread hateful racist propaganda. The hacker, also known as Weev, said he used two lines of code to make 20,000 printers, many in colleges and universities, spit out an anti-Semitic flyer all over the United States.
"From the beginning, we objected to the FBI's demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government's dismissal, neither of these occurred. This case should never have been brought."
Backdoor.Dripion was custom developed, deployed in a highly targeted fashion, and used command and control servers disguised as antivirus company websites.
The FBI is analysing a strain of ransomware called MSIL/Samas that tries to encrypt data across entire networks rather than single computers. The plea comes as security firms warn about other novel strains of the fast-growing, data-scrambling cyber-threats.
Researchers at BleepingComputer said on Friday that the malware is spreading in emails that contain a Dropbox link that will lead to a file that installs the ransomware. The malware replaces the boot drive’s Master Boot Record with a malicious loader. The malware forces Windows to reboot and displays a phony check disk (CHKDSK) operation to the victim while the malware executes in the background and encrypts the master file table.
Just a few days after releasing the iOS 9.3 update, Apple stopped offering it to a selection of older devices including the iPad Air and earlier and the iPhone 5s and earlier due to an activation issue. When the update was pulled, Apple promised to release a new version of iOS 9.3 shortly.
Apple today made good on that promise and has released a new version of iOS 9.3, build 13E237, which is now available for all iOS 9 users with older devices as an over-the-air update or through iTunes. Customers with older devices who had not yet updated to iOS 9.3 will be able to do so now.
As more US companies snuff out point of sale malware by deploying chip-and-PIN bankcard technology, attackers are rushing to exploit existing magnetic stripe card systems still vulnerable to malware. A group of hackers that go by the name Bears Inc. are behind the latest barrage of attacks with a custom-built point of sale malware called Treasurehunt, according to research from FireEye.
Citizens of mainland China unexpectedly found themselves with unfettered access to Google search late last night, commencing a golden age of censorship-free searching that lasted all of 105 minutes.
Despite the Badlock hype machine cranked up high, we don’t know much about this impending soul-crushing vulnerability other than it could be bad, it could be in the Windows Server Message Block and it already has its own requisite logo and website.
A remotely exploitable flaw in the Truecaller app exposes the personal details of millions of users, security researchers from Cheetah Mobile Security Research Lab have discovered.
The Node.js Package Manager (or just npm) allows the author of a malicious package to infect other packages and propagate malicious scripts across the npm ecosystem and in the builds of legitimate projects.
Lock-ransomware, also known as lockers, is the first type of ransomware, and existed before the rise of crypto-ransomware. This type of ransomware doesn't encrypt files, but merely blocks the user's access to their data.
Attackers are not through testing the limits of what they can do with new features in ransomware samples. The latest found in the wild is called PowerWare, and it was discovered a week ago targeting a company in the healthcare industry, researchers at Carbon Black told Threatpost.
The update remedies an out-of-bounds read in Chrome’s open source JavaScript engine V8, two use-after-free vulnerabilities – one in Navigation and one in Extensions – and a buffer overflow in the libANGLE library.
System Integrity Protection (SIP) was implemented in OS X El Capitan and imposes limitations on what actions Mac computers' root accounts can take against protected paths of the operating system. Yesterday at the SysCan360 conference in Singapore, a researcher from SentinelOne disclosed details of a vulnerability, patched by Apple this week only in El Capitan, that bypasses SIP if exploited.
Topics discussed: x86/x64, ARM/ARM64, MIPS, Java/JVM.
Topics touched on: Oracle RDBMS, Itanium, copy-protection dongles, LD_PRELOAD, stack overflow, ELF, win32 PE file format, x86-64, critical sections, syscalls, TLS, position-independent code (PIC), profile-guided optimization, C++ STL, OpenMP, win32 SEH.
Researchers have discovered highly stealthy malware that can infect computers not connected to the Internet and leaves no evidence on the computers it compromises.
USB Thief gets its name because it spreads on USB thumb and hard drives and steals huge volumes of data once it has taken hold. Unlike previously discovered USB-borne malware, it uses a series of novel techniques to bind itself to its host drive to ensure it can't easily be copied and analyzed. It uses a multi-staged encryption scheme that derives its key from the device ID of the USB drive. A chain of loader files also contains a list of file names that are unique to every instance of the malware. Some of the file names are based on the precise file content and the time the file was created. As a result, the malware won't execute if the files are moved to a drive other than the one chosen by the original developers.
According to KrebsOnSecurity, "a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise." The entire database was priced at $100,000, or $10,000 for each set of 100,000 customer records. "Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site," security journalist Brian Krebs reported.
The vulnerability affects any Android device running Android 2.2 or higher and allows attackers to hijack a device without the user even being aware. It does so by taking advantage of Android's built-in media library, which can be triggered to run malicious code capable of giving the hacker access to all the user's files.
Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013. Researchers at Security Explorations in Poland two weeks ago disclosed that a Java patch for an issue the company reported in 2013, CVE-2013-5838, was still trivially exploitable, and it enabled attackers to remotely execute code and bypass the Java sandbox.
EC-Council, the Albuquerque, New Mexico-based professional organization that administers the Certified Ethical Hacker program, started spreading the scourge on Monday. Shortly afterward, researchers from security firm Fox IT notified EC-Council officials that one of their subdomains—which just happens to provide online training for computer security students—had come under the spell of Angler, a toolkit sold online that provides powerful Web drive-by exploits. On Thursday, after receiving no reply and still detecting that the site was infected, Fox IT published this blog post, apparently under the reasonable belief that when attempts to privately inform the company fail, it's reasonable to go public.
For anyone designing Android apps, Google just released a tool that will help make your apps more accessible for all users. The company's new Accessibility Scanner looks at any Android app and will call out aspects of it that could be improved, particularly for differently abled users. The app will even suggest ways you can alter things for the better.
The U.S. government on Thursday indicted seven hackers affiliated with the Iranian government for attacks it called "a frightening new frontier in cybercrime." Accusing the men of carrying out a series of distributed denial of service (DDoS) attacks against 46 financial companies, the Department of Justice announced the charges in a press conference Thursday morning in Washington, D.C.
Researchers at Cisco on Wednesday disclosed details on a flaw in an OS X graphics kernel driver that begs to be chained with any number of other exploits to gain kernel level access on a Mac computer.
Craig Williams, security outreach manager for Cisco Talos, said this is the type of flaw that could be exploited at scale and lead to a wide range of compromises.
Brazilian attacks are evolving day by day, becoming more complex and efficient. It is therefore necessary to be wary of emails from unknown sources, especially those containing links and attached files.
Since the malicious payload hosted in the PNG file cannot be executed without its launcher, it cannot serve as the main infector (the component usually delivered to your mailbox); it has to be installed by a different module.
This technique allows the criminals to hide the binary inside a file that appears to be a PNG image. It also makes analysis harder for antivirus companies and bypasses the automated processes that detect malicious files on hosting servers.
Symantec has recently observed various malware families seen in the wild signed with multiple digital certificates. As seen with Suckfly, valid, legitimate certificates can be stolen from an organization, often without their knowledge, and then used to sign malware to evade detection. In this case, attackers have used multiple digital certificates together to increase the chance that the targeted computer considers their malware safe. The attacker's ultimate goal is that their attack goes completely undetected.
The Trend Micro Forward-Looking Threat Research team recently uncovered an information theft campaign in India that has stolen passport scans, photo IDs, and tax information of high-ranking Indian military officers and non-Indian military attachés based in that country, among others. We came across this operation while monitoring other targeted attack campaigns, and what caught our interest, apart from its highly targeted nature, is the lack of sophistication in the tools and tactics it used.
Many IT departments with Windows 8 PCs that are not part of their enterprise-edition fleet are quickly jumping on the bandwagon of upgrading to Windows 10 free of charge. But which security solution works best with Windows 10 clients? AV-TEST tested 11 current versions.
Two-factor authentication is a best practice for securing remote access, but it is also a Holy Grail for a motivated red team. Hiding under the guise of a legitimate user authenticated through multiple credentials is one of the best ways to remain undetected in an environment. Many companies regard their two-factor solutions as infallible and do not take precautions to protect against attackers’ attempts to bypass or backdoor them.
RSA security researcher Rotem Kerner has identified a common vulnerability in the firmware of 70 different CCTV DVR vendors, which allows crooks to execute code and even gain root privileges on the affected devices.
Apple's huge success with services like iTunes, the App Store, and iCloud has a dark side. Apple hasn't been able to build all the data centers it needs to run these enormous photo storage and internet services on its own. And it worries that some of the equipment and cloud services it buys have been compromised by vendors who have agreed to put in "back door" technology for government spying, according to a report from The Information's Amir Efrati and Steve Nellis.
Google is planning to compete with Nuance and other voice recognition companies head on by opening up its speech recognition API to third-party developers. To attract developers, the API will be free at launch, with pricing to be introduced at a later date.
Google has bolstered its toolset for keeping tabs on digital certificate suppliers that go rogue.
That toolset, a Google-designed digital certificate logging system known as Certificate Transparency (CT), can help protect Chrome users from the kind of mis-issued Secure Sockets Layer (SSL) certificates that Symantec generated last year for some Google domains.
The incident sparked an angry response from Google, which demanded that from June 1, 2016, Symantec log all certificates it issues in line with Google's Chromium CT policy or else websites that rely on its certificates will be flagged as dangerous by Chrome.
Microsoft is finally addressing the elephant in the room in terms of security for Office users and has announced a new feature in the Office 2016 suite that will make it harder for attackers to exploit macro malware.
Millions of Android phones, including the entire line of Nexus models, are vulnerable to attacks that can execute malicious code and take control of core functions almost permanently, Google officials have warned.
Using financial Trojans to defraud customers of online banking services is still a popular method among cybercriminals looking to make a profit. Although we have seen a drop in the number of financial Trojans being detected, the Trojans are becoming more capable at what they do and the threat they pose will remain for some time to come. Furthermore, criminals are increasingly targeting financial institutions directly, using malware or through business email compromise (BEC) scams.
Trojan attacks against the financial industry are becoming more effective and will continue to plague the sector for some time, as cybercriminals move away from attacking customers and instead choose to target the banks themselves, due to the increased incentive of a more lucrative cash haul.
The Tor Project is fortifying its software so that it can quickly detect if its network is tampered with for surveillance purposes, a top developer for the volunteer project wrote on Monday.
Just under half of cybersecurity professionals use any form of shared cyberthreat intelligence (CTI) in their efforts to protect their enterprises from cyberattacks and hackers, despite CTI's potential to significantly improve security in the fight against cybercrime.
For years, car owners with keyless entry systems have reported thieves approaching their vehicles with mysterious devices and effortlessly opening them in seconds. After having his Prius burgled repeatedly outside his Los Angeles home, the New York Times' former tech columnist Nick Bilton came to the conclusion that the thieves must be amplifying the signal from the key fob in the house to trick his car's keyless entry system into thinking the key was in the thieves' hand. He eventually resorted to keeping his keys in the freezer.
A group of researchers has proved that it is possible to break the encryption used by many mobile payment apps by simply measuring and analysing the electromagnetic radiation emanating from smartphones.
StartSSL has only one way to validate ownership of a domain name: through a predefined list of email addresses (such as webmaster, postmaster and hostmaster) at the domain you are trying to verify. This method is rarely used; for domain validation, most certificate authorities instead ask the domain owner to place a specific file on their website.
Security researchers discovered a number of weaknesses in iMessage's encryption system. Apple's patches are already slated to appear.
This document describes the security content of OS X El Capitan v10.11.4 and Security Update 2016-002.
The FBI says it may have found a way to unlock the San Bernardino attacker's iPhone without Apple's assistance.
A court hearing with Apple scheduled for Tuesday has been postponed at the request of the US Justice Department (DOJ), Apple has confirmed.
The vulnerabilities were patched today with the release of iOS 9.3 and an updated version of OS X. Of perhaps larger importance is the context they bring to the ongoing Apple-FBI legal fight over encryption. The team of Green and students Ian Miers, Christina Garman, Gabriel Kaptchuk and Michael Rushanan demonstrated how a resourced attacker could pick apart flaws in what is widely considered the most secure, commercial messaging platform to get at messages sent to a target phone. They contend that the FBI’s court order for the introduction of intentionally weak crypto, or other proposals such as key escrow, aren’t necessary when security issues like these can be ferreted out.
Google says no to rooting apps in Google Play and issues an emergency patch for Nexus devices to fix a critical kernel bug.
Apple's iMessage system has a cryptography flaw that allowed researchers to decrypt a photo stored in iCloud, the Washington Post reported on Sunday. The researchers, led by cryptography expert Matthew D. Green of Johns Hopkins University, wrote software that mimicked an Apple server and then targeted an encrypted photo stored on iCloud, the publication reported. They were able to obtain the decryption key by repeatedly guessing each of its 64 digits. When a correct digit was guessed, the phone let them know if it was correct. Further technical details were not available.
During a recent roundtable discussion MobileSyrup attended at Netflix’s head office in Los Gatos, California, Netflix CEO Reed Hastings finally commented on the company’s controversial move to begin blocking the use of proxy VPN/DNS services.
A proof-of-concept exploit dubbed Metaphor works against Android versions 2.2 through 4.0 and 5.0 and 5.1, which together are estimated to run 275 million phones, researchers from Israeli security firm NorthBit said. It attacks the same Stagefright media library that made an estimated 950 million Android phones susceptible to similar code-execution attacks last year.
The Federal Trade Commission is warning a dozen developers about some code they’ve included in their apps that can surreptitiously listen to unique audio signals from TVs in the background and build detailed profiles of what consumers are watching. The technology, produced by a company called SilverPush, is used to track users across devices and the FTC warned the developers that if they don’t disclose the use of the code to consumers, they could be violating the FTC Act.
The first task of Britain's new cybersecurity centre will be to work with the Bank of England, the government has announced.
The work will involve setting standards for the financial sector in terms of resilience to the type of cyber threats which could undermine the UK economy.
The new body - now renamed the National Cyber Security Centre (NCSC) - was unveiled last year by the Chancellor.
DRIDEX's continued prevalence could be attributed to two main factors: the botnet's efficient delivery mechanism, which leads to more affected users; and its resilient peer-to-peer infrastructure, which allows it to continue its operation. We also surmise that DRIDEX is being peddled in cybercriminal underground markets, allowing other cybercriminals and attackers to use the botnet for their malicious activities.
Ransomware is malicious software that is designed to hold users' files (such as photos, documents, and music) for ransom by encrypting their contents and demanding that the user pay a fee to decrypt their files. Typically, users are exposed to ransomware via email phishing campaigns and exploit kits. TeslaCrypt is one well-known ransomware variant, infecting many victims worldwide. It is among the top five ransomware families we see most often in our analysis systems. The core functionality of TeslaCrypt 3 remains the same, as it continues to encrypt users' files and then presents a message demanding that the user pay a ransom.
A hacker had somehow gotten access to an iCloud account. Using this, he was able to remotely lock a computer using iCloud's Find My Mac feature, with a ransom message displayed on the screen.
Spammers are abusing ill-configured U.S. dot-gov domains and link shorteners to promote spammy sites that are hidden behind short links ending in "usa.gov".
Physical weaknesses in memory chips that make computers and servers susceptible to hack attacks dubbed "Rowhammer" are more exploitable than previously thought and extend to DDR4 modules, not just DDR3, according to a recently published research paper.
The tests showed many of the DIMMs were vulnerable to a phenomenon known as "bitflipping," in which 0s were converted to 1s and vice versa. The report was published by Third I/O, an Austin, Texas-based provider of high-speed bandwidth and super computing technologies. The findings were presented over the weekend at the Semicon China conference.
Mitre Corporation will introduce a new pilot program for classifying Common Vulnerabilities and Exposures (CVE) in the coming weeks. The move is in response to a backlash in the security community where some critics contend Mitre is failing to keep pace with a massive influx in the number of reported vulnerabilities to the organization.
Israeli software research company NorthBit claimed it had "properly" exploited the Android bug that was originally described as the "worst ever discovered".
The exploit, called Metaphor, is detailed in a research paper (PDF) from NorthBit and in a video showing the exploit being run on a Nexus 5. NorthBit said it had also successfully tested the exploit on an LG G3, HTC One and Samsung Galaxy S5.
American Express has begun notifying cardholders that their data may have been compromised in a third-party breach. A notification letter filed on March 10 with California’s attorney general indicates that AmEx account numbers, user names and other information including expiration dates may have been accessed.
What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all. It does so by exploiting design flaws in Apple’s DRM mechanism, and even as Apple has removed AceDeceiver from App Store, it may still spread thanks to a novel attack vector.
In real-world war, combatants typically don’t attack hospitals. In the cyber realm, hackers have no such scruples. “We’re attacked about every 7 seconds, 24 hours a day,” says John Halamka, CIO of the Boston hospital Beth Israel Deaconess. And the strikes come from everywhere: “It’s hacktivists, organized crime, cyberterrorists, MIT students,” he says.
On Monday, experts speaking to The Wall Street Journal about the ongoing smartphone encryption debate estimated that roughly "10 percent of the world's 1.4 billion Android phones were encrypted," compared to 95 percent of all iPhones. For iPhones, that estimate is based on data provided by the company's OS distribution chart—this isn't a perfect source since it also includes iPods and iPads. In any case, the vast majority of iDevices are running iOS 8 or 9 and are thus encrypted in a way that makes it impossible for Apple or others to directly access data on them without their passcodes.
VMware patched two cross-site scripting vulnerabilities in its products this week that if exploited, could lead to the compromise of a user’s client workstation. The bugs, stored XSS vulnerabilities and rated important, exist in the company’s vRealize Automation and vRealize Business Advanced and Enterprise platforms.
There are lots of ways to ensure the success of an advanced hacking operation. For a gang called Suckfly, one of the keys is having plenty of stolen code-signing certificates on hand to give its custom malware the appearance of legitimacy.
Smart Reply, which has been on the Inbox app for a few months, relies on a trained system consisting of a pair of neural networks that interpret email and offer sensible short responses. The first network encodes words from incoming email while the second cooks up a grammatically correct reply.
Special antivirus tools are the typical rescue tool of choice after a malware attack. The lab at AV-TEST tested 5 popular special tools for almost a year to see whether they can reliably rescue infected Windows PCs from malware and repair everything again.
The data was taken from analysis of exploit kit URLs that were blocked by Trend Micro products over the entirety of 2015. This information represents a sizable sample of the overall threat landscape. This allows us to observe any long-term trends in the overall landscape and protect our users accordingly.
According to AWS, the migration service is a fully managed service that allows customers to migrate their production Oracle, SQL Server, MySQL, MariaDB, and PostgreSQL databases from on-premises datacentres to AWS' cloud.
The latest version of the open source implementation of the SSH protocol patches a flaw that exposes it to command injection attacks. The open source project cautions that OpenSSH disabled X11Forwarding long ago—it is no longer the default configuration—thus limiting the risk to most users. But some vendors—OpenSSH singled out Red Hat in particular—turn X11Forwarding on and those versions prior to 7.2p2 with X11Forwarding enabled are at risk.
Malware that targets Steam accounts has proliferated across the gaming platform and become what researchers are calling a “booming business” for cybercriminals over the last few months.
Mainstream websites, including those published by The New York Times, the BBC, MSN, and AOL, are falling victim to a new rash of malicious ads that attempt to surreptitiously install crypto ransomware and other malware on the computers of unsuspecting visitors, security firms warned.
Servo started as an experimental project belonging to the Mozilla Research team, which set out to build a sleeker Web layout engine as an alternative to Firefox's default engine called Gecko.
The difference between Servo and Gecko is that the former was coded entirely in Rust, a programming language that Mozilla developed for its applications, focused on performance and stability, something that Firefox was lacking at that particular point in time.
Chinese hackers are launching sophisticated ransomware attacks - in which they hijack machines and demand payment to decrypt them, according to reports.
Turning a regular credit and debit card reader into a device that steals a victim’s credit card information—commonly known as a skimmer—can take less than three seconds.
Spammed Word documents with malicious macros have become a popular method of infecting computers over the past few months. Attackers are now taking it one step further by using such documents to deliver fileless malware that gets loaded directly in the computer's memory.
According to Endgame security researchers, the top level domain for Middle Eastern country Oman (.om) is being exploited by typosquatters who have registered more than 300 domain names with the .om suffix for U.S. companies and services such as Citibank, Dell, Macys and Gmail. Endgame made the discovery last week and reports that several groups are behind the typosquatter campaigns.
Tech giants including Google, Facebook, WhatsApp and Snapchat are looking to increase the privacy of user data by expanding their encryption features. The recent reports mark growing industry support for Apple in its fight to not allow authorities backdoor access into users’ devices.
The oldest long-term supported kernel branch, Linux 2.6.32, was about to reach its end of life in February, as kernel developer Willy Tarreau had said it would in an announcement made at the end of January 2016.
Today, March 14, 2016, Linus Torvalds and the hard-working team of kernel developers have been proud to announce the official release of Linux kernel 4.5, along with its immediate availability for download.
OpenSSH on Friday dropped a patch for a vulnerability that could expose files to theft and manipulation.
The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world - from the corporate and government sectors to academic and even underground researchers. The environment is strictly vendor-neutral and focused on the sharing of practical insights and timely, actionable knowledge. Black Hat remains the best and biggest event of its kind, unique in its ability to define tomorrow's information security
On Feb. 19, IBM X-Force researchers released an intelligence report [1] stating that the source code for GM Bot was leaked to a crimeware forum in December 2015. GM Bot is a sophisticated Android malware family that emerged in the Russian-speaking cybercrime underground in late 2014. IBM also claimed that several Android malware families recently described in the security community were actually variants of GM Bot, including Bankosy[2], MazarBot[3], and the SlemBunk malware recently described by
The guide aims to provide basic cyber-hygiene for journalists. When we talk about this, participating journalists often tell us: we have nothing to hide. Or: I don’t write about anything sensitive. But we’re not per se worried that journalists get into fights with the NSA or army divisions. It could happen of course, but consider this: will you ever write about something that can possibly make someone upset? Because what happens much more often is that adversaries will try to intimidate you or d
Microsoft has stopped accepting bitcoin as a payment option within its Microsoft Store that is used to purchase software and devices online, as well as power the company's Xbox, music, and video stores.
While many VPN providers say they do not log their users' activities in order to protect anonymity, it's not often their claims get tested in the wild. However, a criminal complaint filed by the FBI this week notes that a subpoena sent to Private Internet Access resulted in no useful data being revealed about a suspected hoaxer.
The extension's name is BitcoinWisdom Ads Remover and is a Chrome extension that removes ads from the BitcoinWisdom.com, a website for consulting all kinds of Bitcoin-related statistics, all presented in easy-to-understand charts.
According to Bitstamp, a website that lets users exchange Bitcoin for US dollars, this extension contains malicious code that is redirecting payments to its own Bitcoin address, instead of the one intended by the user making the transaction.
The Department of Justice has opened another legal front in the ongoing war over easy-to-use strong encryption.
According to a Saturday report in The New York Times, prosecutors have gone head-to-head with WhatsApp, the messaging app owned by Facebook. Citing anonymous sources, the Times reported that "as recently as this past week," federal officials have been "discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but
A post on reddit that has received quite a lot of attention in the last few hours reveals that “Windows 7 computers are being reported as automatically starting the Windows 10 upgrade without permission,” with several users confirming in the comment section that this is indeed the case.
Marriott International has to pay $600,000 following a probe into whether it intentionally blocked personal Wi-Fi hotspots in order to force customers to use its own very pricey service.
Reflection DDoS attacks, also known as R-DDoS, DRDoS, or Distributed Reflective Denial of Service attacks, are a more dangerous version of regular DDoS attacks.
Reflection DDoS attacks rely on an attacker sending traffic to an intermediary point with a bad return address (the victim's IP). By crafting malformed network traffic packets, and abusing flaws in a protocol or server setup, this traffic is then sent to the return address (the victim's IP) multiple times over. The number of times a p
A vulnerability in “libotr,” the C code implementation of the Off-the-Record (OTR) protocol that is used in many secure instant messengers such as ChatSecure, Pidgin, Adium and Kopete, could be exploited by attackers to crash an app using libotr or execute remote code on the user’s machine.
A group of former Skype, Apple and Microsoft employees, backed by Skype’s co-founder Janus Friis, created a Skype alternative called “Wire” back in 2014, which wasn’t end-to-end encrypted at the time. The team announced that the latest version of the app brings open source end-to-end encryption from everything to chats to video calls, as well as multi-device end-to-end encryption.
The bypass code, which was released Thursday by Polish security firm Security Explorations, contains only minor changes to the original proof-of-concept, according to an e-mail posted to the Full Disclosure security list. Security Explorations released the original exploit in October 2013 following the release of a patch from Oracle. Thursday's bypass changes only four characters from the 2013 code and uses a custom server to work. The bypass means that millions of Java users have remained vulne
Networking hardware vendor TP-Link says it will prevent the loading of open source firmware on routers it sells in the United States in order to comply with new Federal Communications Commission requirements.
US Federal Communications Commission (FCC) boss Tom Wheeler on Thursday outlined a proposal that would require broadband providers such as Verizon and Comcast to obtain consent before collecting consumer data.
According to statistics published in the VeriSign Distributed Denial of Service Trends Report, DDoS activity is the highest it's ever been, with the final quarter of 2015 seeing an 85 percent rise in instances - almost double the number of attacks - when compared with the same period in 2014. The figures for Q4 2015 also represent a 15 percent rise on the previous quarter.
Staminus Communications Inc., a California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked. Staminus’s entire network was down for more than 20 hours until Thursday evening, leaving customers to vent their rage on the company’s Facebook and Twitter pages. In the midst of the outage, someone posted online download links for what appear t
Adobe has issued an emergency update for its Flash media player that patches almost two dozen critical vulnerabilities, including one that's being maliciously exploited in the wild.
A vulnerability in the web server used in the Cisco Cable Modem with Digital Voice Model DPC2203 could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.
The way you move your mouse is unique, like fingerprints, and can be used by dark forces to track you on supposedly anonymous and secure networks like Tor, according to a Barcelona researcher.
The flaw is tied to a feature called “Samsung SW Update Tool 2.2.5.16” designed to keep Samsung laptop users’ drivers and software up to date. Security researchers at Core Security discovered the vulnerability in November 2015 and disclosed the flaw March 4 after Samsung issued the patch to fix the problem.
Users of secure messaging apps such as Pidgin, Adium and others built upon libotr, the Off-the-Record protocol, are being urged to update immediately to current versions after the discovery of a critical flaw that can be used in targeted attacks to expose encrypted communication.
Cyberthieves who targeted Bangladesh's central bank tried to get away with $1bn, reports Reuters.
Security firms are warning about a sudden "huge" surge in junk mail messages containing ransomware.
The Australian Communications and Media Authority (ACMA) has addressed the issues associated with licensing spectrum for the Internet of Things (IoT), arguing in favour of a default spectrum band for all devices across the globe -- or, alternatively, sensors that can identify which country a device is operating in.
A banking Trojan is hitting the market with a valid root certificate and a set of installation directions. It shows that there are some real security gaps in the current Certificate Authorities system.
Active users of mobile banking apps should be aware of a new Android banking trojan campaign targeting customers of large banks in Australia, New Zealand and Turkey. The banking malware, detected by ESET security products as Android/Spy.Agent.SI, can steal login credentials from 20 mobile banking apps. The list of target banks includes the largest banks in each of the three target countries (A full list can be found in the final section of this article). Thanks to its ability to intercept SMS com
Google has confirmed with Search Engine Land that it is removing Toolbar PageRank. That means that if you are using a tool or a browser that shows you PageRank data from Google, within the next couple weeks it will begin not to show any data at all.
Ubuntu developers have deprecated the fglrx / Catalyst Linux display stack for Ubuntu 16.04 LTS. Users of this upcoming Ubuntu release are now encouraged to use the open-source Radeon display stack.
MIT's Polaris framework will work by creating a dependency graph for each Web page, which dictates the most efficient order in which all the page resources need to be loaded.
Much like Google, which updated Chrome yesterday, Mozilla released a new version of Firefox on Tuesday, fixing 40 vulnerabilities in the browser.
The update, Firefox 45, included eight bulletins rated critical and patched a handful of serious use-after-free vulnerabilities and a pair of buffer overflow vulnerabilities.
Yesterday, Microsoft patched a flaw in the Windows USB Mass Storage Class Driver that could put some people on edge. Though the flaw was rated “important,” likely because it requires local access to exploit, previous work in this arena shows that such a bug could be attacked remotely.
Home Depot has agreed to pay as much as $19.5 million to remedy the giant data breach it suffered in 2014, the company confirmed on Tuesday. Included in that figure is a reported $13 million to reimburse customers for their losses and $6.5 million to provide them with one and a half years of identity protection services.
Google pushed out the latest version of its flagship browser Chrome on Tuesday, fixing three high severity bugs in the process.
The update graduates the browser to version number 49.0.2623.87 for Windows, Mac, and Linux, according to a post on Google’s Chrome Releases blog this week.
Phishing attacks have been linked back to YouTube channels where phishers explain their attacks and promote their tools while looking for buyers.
The explosive growth of the Internet of Things has created a host of new threats for the enterprise. Here's how hackers are targeting your connected devices and what you can do about it.
One million free TLS certificates have now been issued, paving the way for better encryption and security on the Web.
Qualcomm Snapdragon SoCs (systems on a chip) power a large percentage of smart devices in use today. The company’s own website notes that more than a billion devices use Snapdragon processors or modems. Unfortunately, many of these devices contain security flaws that could allow an attacker to gain root access. Gaining root access on a device is highly valuable; it allows the attacker access to various capabilities they would not have under normal circumstances.
Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody.
Classified revisions accepted by secret Fisa court affect NSA data involving Americans’ international emails, texts and phone calls.
Mark Ward: "Could your children be your weak link when it comes to home security? One of mine almost was thanks to Minecraft."
A big surprise was revealed today by security researchers from Romanian antivirus company Bitdefender, who claim that the KeRanger Mac ransomware that appeared last weekend is actually a rewrite of the ransomware variant that's been plaguing Linux servers for the past five months.
This month the vendor is releasing 13 bulletins, five of which are rated Critical.
The Internet Systems Consortium (ISC) this week announced that it plans to patch versions of its Dynamic Host Configuration Protocol (DHCP) to mitigate a vulnerability that could’ve let a remote attacker cause a denial of service condition.
The group acknowledged on Monday that it plans to release DHCP 4.1-ESV-R13 and DHCP 4.3.4, at some point this month. Both versions will include code that should make the vulnerability harder to exploit.
Adobe today released security updates for its PDF editing and viewing products, Acrobat and Reader, and its ereader for books called Adobe Digital Editions. And while the customary Flash update is missing from today’s monthly rollout, Adobe said a new version of the software will be available “in the coming days.”
Microsoft released a baker’s dozen worth of security bulletins on Tuesday, including five rated critical and two rated important that could result in remote code execution attacks against compromised machines.
Google fixes seven critical bugs in its March security patch update but, besides Google's Nexus line, only BlackBerry's Priv has received the patches.
Scott Guthrie, executive vice president of Microsoft's Cloud and Enterprise Group, announced today that next year Microsoft will be releasing a version of SQL Server that runs on Linux. A private preview is available today that includes the core relational database features of SQL Server 2016.
Telstra and Cisco have announced their three upcoming software-defined networking (SDN) and network function virtualisation (NFV) products to improve cloud security and global datacentre interconnection, with the first now in beta.
Java JAR files will run on all three major platforms, Mac, Linux, and Windows, and even on Android devices under special conditions.
Apple has shut down what appears to have been the first fully functional ransomware targeting Mac computers. This particular form of cyber threat involves malware that encrypts the data on your personal computer so you can no longer access it. Afterwards, the hackers request that you pay them in a hard-to-trace digital currency – in this case, bitcoin – in order for you to retrieve your files. This ransomware, called “KeRanger,” was first reported by researchers at Palo Alto Networks. They also
Google today patched two critical holes in its problematic Android Mediaserver component which would allow an attacker to use email, web browsing, and MMS processing of media files to remotely execute code. With this latest vulnerability, Google has patched its Mediaserver more than two dozen times since the Stagefright vulnerability was discovered in August.
Facebook has paid $15,000 (€13,600) to an independent security researcher who discovered a simple way of resetting passwords for other accounts, setting a new passphrase and effectively taking over profiles.
Apple has yet to patch a series of bypass vulnerabilities in iOS that could enable an attacker to sidestep the passcode authorization screen on iPhones and iPads running iOS 9.0, 9.1, and the most recent build of the mobile operating system, 9.2.1.
“By doing so, I knew that I would get a shitload of public attention, which I did,” McAfee said. “That video, on my YouTube account, it has 700,000 views. My point is to bring to the American public the problem that the FBI is trying to [fool] the American public. How am I going to do that, by just going off and saying it? No one is going to listen to that crap.
Google has responded to European Union data watchdogs by expanding its right-to-be-forgotten rules to apply to its search websites across the globe.
At the current rate, this year Google will probably need to assess one billion URLs that allegedly infringe copyrights.
Employees should be the most effective security control, but instead they create the greatest vulnerabilities, a report warns.
A security research firm announced Sunday its discovery of what is believed to be the world’s first ransomware that specifically goes after OS X machines. "This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Ryan Olson, of Palo Alto Networks, told Reuters.
A functional quantum computer large enough to crack traditional RSA encryption may still be in the future, but the U.S. National Security Agency is taking the possibility seriously. In January, it posted an FAQ on the technology’s potential.
Email scam artists last week tricked an employee at data storage giant Seagate Technology into giving away W-2 tax documents on all current and past employees, KrebsOnSecurity has learned. W-2 forms contain employee Social Security numbers, salaries and other personal data, and are highly prized by thieves involved in filing phony tax refund requests with the Internal Revenue Service (IRS) and the states.
In the run-up to the presidential election, few days go by when Donald Trump isn't hitting the headlines for something he's said or done. The bombastic billionaire looks set to become the Republican candidate, and his journey towards the White House is littered with offense and controversy; back in December, Anonymous declared war on him.
Kai Cao and Anil K. Jain from the Department of Computer Science and Engineering at Michigan State University have devised a simpler and faster method of spoofing fingerprints that can be carried out in 15 minutes or less.
A new file-encrypting ransomware program called Cerber has taken creepiness for victims, but also affordability for criminals, to a new level.
In terms of functionality Cerber is not very different than other ransomware threats. It encrypts files with the strong AES-256 algorithm and targets dozens of file types, including documents, pictures, audio files, videos, archives and backups.
Microsoft released KB3140743 update yesterday for Windows 10 devices, and as we showed, this is actually an important release, as it brings some structural changes to some basic Windows functions.
But, since no update, be it for Insiders or regular users, comes free of bugs and issues, we’ve discovered the first problems being reported. If you have encountered more, don’t hesitate to use the comments section at the end to leave your input.
The Venezuelan government has made it a crime to publish the street trading rate as it countermands the "official" exchange rates, which are far more favorable to the government. The recent collapse of the price of oil has exacerbated Venezuela's economic woes; the country is widely expected to default on its international debts later this year.
Mozilla announced this week that it has identified a shortlist of projects for development and testing in their Internet of Things experiment. This follows last December’s decision to stop competing in the smartphone market, instead focusing its energies on other connected devices and the Internet of Things.
Security researchers have unmasked the wicked actions of a WordPress plugin that was installing a backdoor through which it was altering core WordPress files so it could log and steal user credentials from infected sites.
Diplomats and military personnel in India have been victimized in targeted espionage attacks that use a number of means of infection including phishing and watering hole sites.
In recent weeks, the number of "hidden services"—usually Web servers and other Internet services accessible by a ".onion" address on the Tor anonymizing network—has risen dramatically. After experiencing an earlier spike in February, the number of hidden services tracked by Tor spiked to 114,000 onion addresses on March 1. They then dropped just as quickly, falling to just below 70,000 hidden services seen by Tor on Thursday—still twice the number that Tor had held steady at
Two major high street banks will change security procedures after journalists from BBC Radio 4's You and Yours programme broke into an account online and removed money.
The initial breach of the Ukraine power grid was -- as so often in cyberattacks -- down to the human factor: spear-phishing and social engineering were used to gain entry to the network. Once inside, the attackers exploited the fact that operational system.
This week the dire predictions came to pass, as the network reached its capacity, causing transactions around the world to be massively delayed, and in some cases to fail completely. The average time to confirm a transaction has ballooned from 10 minutes to 43 minutes. Users are left confused and shops that once accepted Bitcoin are dropping out.
You can hire Russian attackers to knock out a website for two days for just $173, according to new research by Arbor Networks.
Trojans obtaining unauthorized superuser privileges to install legitimate apps and display advertising would eventually start installing malware. And worst fears have been realized: rooting malware has begun spreading the most sophisticated mobile Trojans we have ever seen.
The resurgence and continued prevalence of macro malware could be linked to several factors, one of which is their ability to bypass traditional antimalware solutions and sandboxing technologies. Another factor is the continuous enhancement of their routines: just recently, we observed that the macro malware related to DRIDEX and the latest crypto-ransomware variant, Locky ransomware, used a Form object in macros to obfuscate the malicious code. With this improvement, it could further aid cybercri
Researchers have devised an attack on Android and iOS devices that successfully steals cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other high-value assets.
Cisco Systems issued a “critical” patch on Wednesday for its Nexus 3000 and 3500 series switches, fixing a vulnerability that allows remote attackers to access default account and static password information on affected hardware. The vulnerability could allow an unauthenticated user to log in to the affected system with the privileges of a root user.
Mozilla developers have taken steps to ban the popular YouTube Unblocker add-on after it was caught altering browser security settings and even installing a second add-on without the user's consent.
There's one edge case for people who frequently troubleshoot and fix Macs, as pointed out by TidBits: old OS X installers downloaded from the Mac App Store before the certificate's expiration date will no longer work. This includes not just installers for El Capitan, but also downloaded installers for Yosemite, Mavericks, Mountain Lion, and Lion—every OS X installer issued using the Mac App Store. It also affects any USB install disks you've created using the downloaded installer.
Brazilian cybercriminals have been “competing” with their Russian-speaking “colleagues” for a while in who makes more Trojan bankers and whose are most effective. A few days ago we found a new wave of different campaigns spreading the initial “Banloader” components in Jar (Java archive), which is very particular by its nature – it’s able to run on Linux, OS X, and of course Windows. Actually, it’s also able to run under certain circumstances even on mobile devices.
In a study that looked at the password strength required to access website accounts for Wells Fargo, Capital One and 15 other banks, researchers found that 35 percent had significant weaknesses in their password policies, according to the University of New Haven Cyber Forensic Research and Education Group.
While Apple continues to resist a court order requiring it to help the FBI access a terrorist's phone, another major tech company just took a strange and unexpected step away from encryption.
Amazon has removed device encryption from the operating system that powers its Kindle e-reader, Fire Phone, Fire Tablet, and Fire TV devices.
According to the firm's recent survey, Early Adopters of Internet of Things Poised to Make 2016 the Year of the Customer, the number of businesses planning to adopt some sort of IoT strategy is set to grow by 50 percent this year, a figure which would bring the overall total of businesses with some sort of IoT deployment to 43 percent.
According to Cyber Security: Underpinning the Digital Economy, a report by the Institute of Directors and Barclays bank, companies are keeping quiet about being the victim of a cyberattack, even if their operations were badly affected by such an incident -- as figures suggest was the case for half of respondents.
Malicious advertising, also known as malvertising, has become the best method to distribute malware on a global scale with surgical precision. Simply put, malvertising is a means to expose innocent users visiting legitimate websites to malware. It uses a rogue advertisement (a banner ad) on the website to redirect the victim to a malicious payload, often delivered via an exploit kit.
A Turkish man alleged to have masterminded the theft of more than $55m (£39m) has pleaded guilty in a US court.
Experts have stressed this week that DROWN is no Heartbleed, but at some point in the not too distant future, there’s going to be another major Internet vulnerability and developers at OpenSSL claim they’re battle tested.
Putting aside the illegality of hacking back for a second, there are many tentacles to such an action that not only put a company’s legal position and reputation at risk, but also threaten innocent third parties caught in the crossfire.
WinRT PDF, the default PDF reader for Windows 10, opens Edge users to a new series of attacks that are incredibly similar to how Flash, Java, and Acrobat exposed Web users for the past few years.
Internet "trolls" could face criminal charges for creating fake profiles, according to guidance being considered for prosecutors in England and Wales.
Cybersecurity firm Darktrace has launched a new cyberdefence tool which it claims uses machine learning to automatically fight back against cybercrime threats, even if the malicious intrusion is previously unknown.
The Pentagon has invited external experts to hack into its systems in the first such test of its cybersecurity measures.
Apple's forthcoming mobile OS update will give admins new tools to make sure company-issued iPhones are focused on work and not play.
BIFROSE has been updated by Shrouded Crossbow specifically for the campaigns they pursue. Some of their victims have already been compromised by both Windows and UNIX versions of BIFROSE. Historically, Shrouded Crossbow has used BIFROSE to target privatized government agencies, government offices, and government contractors, as well as companies in the consumer electronics, computer, healthcare, and financial industries.
The baby monitors transmitting a live feed onto the internet for all to see -- and the smart teddy bear that could be hijacked. The car that allows hackers to take control of systems remotely. The power grid knocked offline by attackers accessing industrial control systems.
The rise of the Internet of Things (IoT) will bring with it huge benefits to businesses and consumers, but right now it is also creating a security nightmare.
DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack.
More than 11 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a newly discovered, low-cost attack that decrypts sensitive communications in a matter of hours and in some cases almost immediately, an international team of researchers warned Tuesday. More than 81,000 of the top 1 million most popular Web properties are among the vulnerable HTTPS-protected sites.
Spam campaign baits users with Visa Total Rewards emails containing malware that leads to Trojan.Cryptolocker.N infections.
Microsoft is beefing up Windows Defender, the anti-malware program that ships with Windows 10, to give it the power to tell companies that they've been hacked after it has happened.
A new malicious program that encrypts files on Web servers has affected at least 100 websites over the past few weeks, signaling a new trend in ransomware development.
The program, which is written in PHP, is called CTB-Locker, a name also used by one of the most widespread ransomware programs for Windows computers. It's not
In this report, you will learn detailed statistics about cloud security and DDoS and web application attack trends observed across the Akamai networks for Q4 2015.
This is the first time that this capability has been offered “as a service” in Brazil, with access sold for a monthly R$100 fee (approximately US$25). The person behind this service is believed to be a teenager from São