The discovery of a new API bug in Google+ has led Google to hasten the shuttering of its consumer version of the social-networking platform, the tech giant said.
Google was already in the process of shutting down Google+ after a different API software bug in the platform, disclosed in October, left the company embroiled in a privacy scandal. However, the discovery of this newer bug – which impacts a whopping 52.5 million users – has now led the tech company to move up the timetable for discontinuing its platform.
Read more about the accelerated Google+ shutdown after the discovery of a bug affecting 52.5 million users, on Threatpost.
The 96-page report said Equifax lacked clear lines of authority in its IT department, which meant important security measures weren’t put in place when they should have been. What’s more, the company’s collection of sensitive consumer information was spread out among out-of-date, custom-built systems, the report said.
Read more about the congressional report slamming Equifax on CNet.
The cyberespionage group referred to as MuddyWater has hit over 130 victims in 30 organizations from late September to mid-November, Symantec security researchers said in a report. Highly active over the past several months, MuddyWater was first detailed in 2017. Numerous attacks were linked to the group this year, when security researchers also noticed that the actor expanded its target list.
In late November, Trend Micro found a new PowerShell-based backdoor strikingly similar to malware employed by MuddyWater. Symantec too has noticed the new backdoor, and has named it Powemuddy. The threat actor, which Symantec refers to as Seedworm, has been focused on gathering intelligence on targets in the Middle East, Europe and North America.
A fake Volkswagen campaign is making its way across social media platforms, luring in victims with promises of a free Volkswagen car giveaway – but instead redirecting them to third-party ad servers.
Victims are first sent messages via WhatsApp or Facebook, purporting to be from Volkswagen and claiming it will give away up to 20 free cars until the end of the year, researchers with Sucuri said. Targets of the scam are instructed to participate in the contest by clicking a link embedded in the message. However, the link attached to the messages sent via social media does not appear to collect personal information – but instead tries to redirect victims to various advertising networks.
Read more about the Volkswagen scam campaign on Threatpost.
Fresh mass-email campaigns spreading the long-running Bagle worm have recently been spotted, affecting Microsoft Windows machines. These appear to be a throwback to an earlier time. Also referred to as Beagle, Bagle contains a backdoor that listens on TCP port 6777, which is hardcoded in the worm’s body. This backdoor component provides remote access to the infected computer and can be used to download and execute other malware.
The bad code was first seen in January 2004, and since then has morphed to spawn plenty of different variants. The latest campaigns are going old-school, according to researchers at Comodo. They involve the use of the very first two variants of the worm, Bagle.A and Bagle.B.
Read more about the spam campaigns relying on old worms on Threatpost.
A recently discovered piece of malware targeting Mac systems is a combination of two open-source programs, Malwarebytes security researchers warn. Detected as DarthMiner, the threat is distributed through an application called Adobe Zii, which supposedly helps in the piracy of various Adobe programs, but which in this case does nothing of the sort.
The fake application was designed to run a shell script that downloads and executes a Python script, and then downloads and runs an app named sample.app, which appears to be a version of Adobe Zii, most likely to hide the malicious activity.
A new version of ransomware that first surfaced about two years ago is garnering attention for its ability to spread via as many as ten different vulnerabilities in Windows and Linux server platforms.
“Lucky,” as the new malware is called, is a variant of Satan, a data encryption tool that first became available via a ransomware-as-a-service offering in January 2017. Like Satan, Lucky also is worm-like in behavior and capable of spreading on its own with no human interaction at all. Security vendor NSFocus spotted the variant on systems belonging to some of its financial services customers in late November, and described it as likely to cause extensive infections worldwide.
Hackers have set in motion a massive campaign that scans for Internet-exposed Ethereum wallets and mining equipment. The mass-scan campaign has been raging for at least a week, since December 3.
Attackers are scanning for devices with port 8545 exposed online. This is the standard port for the JSON-RPC interface of many Ethereum wallets and mining equipment. This interface is a programmatic API that locally-installed apps and services can query for mining and funds-related information. In theory, this programmatic interface should be only exposed locally, but some wallet apps and mining equipment enable it on all interfaces.
Read more about the massive Ethereum hacking campaign on ZDNet.
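For operators of wallets or mining rigs, the exposure described above can be checked on the host itself. The following is an added example, not code from ZDNet or any wallet project: it parses listening-socket lines in the column layout of `ss -Htln` and reports every listener on port 8545 that is not bound to loopback only. The sample lines and function names are constructed for illustration.

```python
import ipaddress

RPC_PORT = 8545  # default Ethereum JSON-RPC port named in the article

# Constructed sample in the layout of `ss -Htln` (not from a real host):
# State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:8545 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8545 0.0.0.0:*
LISTEN 0 128 [::1]:8545 [::]:*
LISTEN 0 128 [::]:8545 [::]:*
LISTEN 0 128 *:8545 *:*
LISTEN 0 128 192.0.2.10:8545 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::ffff:127.0.0.1]:8545 *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port', '[v6addr]:port' or '*:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def is_loopback_only(addr):
    """True only if the bind address is reachable from the local host alone."""
    if addr == "*":                      # wildcard: all interfaces
        return False
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any zone id
    mapped = getattr(ip, "ipv4_mapped", None)         # ::ffff:a.b.c.d form
    if mapped is not None:
        ip = mapped
    return ip.is_loopback                # 127.0.0.0/8 or ::1

def exposed_listeners(ss_output, port=RPC_PORT):
    """Return local endpoints listening on `port` beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, lport = split_endpoint(fields[3])
        if lport == port and not is_loopback_only(addr):
            findings.append(fields[3])
    return findings

if __name__ == "__main__":
    for endpoint in exposed_listeners(SAMPLE_SS):
        print("JSON-RPC reachable beyond loopback:", endpoint)
```

A finding here means the bind address allows remote connections; whether the port is actually reachable from the Internet also depends on host and network firewalls.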
It has now become a tradition among cyber-security firms to issue a series of predictions for the upcoming year. While some companies have their malware analysts or their CEOs put out small lists of predictions, others go completely overboard with podcasts and 100-page reports that are just a few pages short of a full book.
ZDNet’s Zero Day security blog has taken a look over most of these reports, has even reached out to some selected researchers, and has compiled a list of predictions most likely to happen next year.
Read the full “meta-list” of cybercrime predictions on ZDNet.
China summoned the US ambassador to Beijing to protest Canada’s detention of a senior executive of Chinese electronics giant Huawei at Washington’s behest, demanding the US cancel the order for her arrest.
The official Xinhua News Agency said Vice Foreign Minister Le Yucheng “lodged solemn representations and strong protests” with Ambassador Terry Branstad on Sunday against the detention of Huawei’s chief financial officer, Meng Wanzhou. Meng, who is reportedly suspected of trying to evade US trade curbs on Iran, was detained on Dec. 1 in Vancouver, Canada.