Google Accelerates Google+ Shutdown After New Bug Discovered

The discovery of a new API bug in Google+ has led Google to hasten the shuttering of its consumer version of the social-networking platform, the tech giant said.

Google was already in the process of shutting down Google+ after a different API software bug in the platform, disclosed in October, left the company embroiled in a privacy scandal. However, the discovery of this newer bug – which impacts a whopping 52.5 million users – has now led the tech company to move up the timetable for discontinuing its platform.

Read more about the accelerated Google+ shutdown after the discovery of a bug affecting 52.5 million users, on Threatpost.

Congressional committee slams Equifax in report on data breach

Equifax didn’t take steps to prevent a massive data breach in 2017 that allowed hackers to steal the personal information of 147.7 million Americans from its servers. It wasn’t ready to handle the aftermath, either. That’s the takeaway from a House Oversight Committee report (PDF), released Monday, which calls the breach “entirely preventable.”

The 96-page report said Equifax lacked clear lines of authority in its IT department, which meant important security measures weren’t put in place when they should have been. What’s more, the company’s collection of sensitive consumer information was spread out among out-of-date, custom-built systems, the report said.

Read more about the congressional report slamming Equifax on CNet.

Highly Active MuddyWater Hackers Hit 30 Organizations in 2 Months

The cyberespionage group referred to as MuddyWater has hit over 130 victims in 30 organizations from late September to mid-November, Symantec security researchers said in a report. Highly active over the past several months, MuddyWater was first detailed in 2017. Numerous attacks were linked to the group this year, when security researchers also noticed that the actor expanded its target list.

In late November, Trend Micro found a new PowerShell-based backdoor strikingly similar to malware employed by MuddyWater. Symantec too has noticed the new backdoor, and has named it Powemuddy. The threat actor, which Symantec refers to as Seedworm, has been focused on gathering intelligence on targets in the Middle East, Europe and North America.

Read more about the MuddyWater campaign on SecurityWeek.

Volkswagen Giveaway Scam Peddles Ad Networks

A fake Volkswagen campaign is making its way across social media platforms, luring in victims with promises of a free Volkswagen car giveaway – but instead redirecting them to third-party ad servers.

Victims are first sent messages via WhatsApp or Facebook, purporting to be from Volkswagen and claiming it will give away up to 20 free cars until the end of the year, researchers with Sucuri said. Targets of the scam are instructed to participate in the contest by clicking a link embedded in the message. The link attached to the messages sent via social media does not appear to collect personal information; instead it tries to redirect victims to various advertising networks.

Read more about the Volkswagen scam campaign on Threatpost.

Old-School Bagle Worm Spotted in Modern Spam Campaigns

Fresh mass-email campaigns spreading the long-running Bagle worm have recently been spotted, affecting Microsoft Windows machines. These appear to be a throwback to an earlier time. Also referred to as Beagle, Bagle contains a backdoor that listens on TCP port 6777, which is hardcoded in the worm’s body. This backdoor component provides remote access to the infected computer and can be used to download and execute other malware.

The bad code was first seen in January 2004, and since then has morphed to spawn plenty of different variants. The latest campaigns are going old-school, according to researchers at Comodo. They involve the use of the very first two variants of the worm, Bagle.A and Bagle.B.

Read more about the spam campaigns relying on old worms on Threatpost.

New Mac Malware Combines Open-Source Backdoor and Crypto-Miner

A recently discovered piece of malware targeting Mac systems is a combination of two open-source programs, Malwarebytes security researchers warn. Detected as DarthMiner, the threat is distributed through an application called Adobe Zii, which supposedly helps in the piracy of various Adobe programs, but which in this case does nothing of the sort.

The fake application was designed to run a shell script that downloads and executes a Python script, and then downloads and runs an app named sample.app, which appears to be a version of Adobe Zii, most likely to hide the malicious activity.

Read more about the new Mac malware on SecurityWeek.

Satan Ransomware Variant Exploits 10 Server-Side Flaws

A new version of ransomware that first surfaced about two years ago is garnering attention for its ability to spread via as many as ten different vulnerabilities in Windows and Linux server platforms.

“Lucky,” as the new malware is called, is a variant of Satan, a data encryption tool that first became available via a ransomware-as-a-service offering in January 2017. Like Satan, Lucky is also worm-like in behavior and capable of spreading on its own with no human interaction at all. Security vendor NSFocus spotted the variant on systems belonging to some of its financial services customers in late November, and described it as likely to cause extensive infections worldwide.

Read more about Lucky ransomware on DarkReading.

Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter

Hackers have set in motion a massive campaign that scans for Internet-exposed Ethereum wallets and mining equipment. The mass-scan campaign has been raging for at least a week, since December 3.

Attackers are scanning for devices with port 8545 exposed online. This is the standard port for the JSON-RPC interface of many Ethereum wallets and mining equipment. This interface is a programmatic API that locally installed apps and services can query for mining and funds-related information. In theory, this programmatic interface should only be exposed locally, but some wallet apps and mining equipment enable it on all interfaces.
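As an added defender-side illustration (not code from the article or from any wallet or mining project), the check below parses `ss -ltn` style output from a node operator's own host and flags a JSON-RPC listener on port 8545 bound to anything other than a loopback address, which is exactly the misconfiguration the scan campaign is looking for; the sample socket listing is constructed.

```python
"""Audit listening TCP sockets for an Ethereum JSON-RPC endpoint (port 8545)
bound to a non-loopback address, i.e. reachable from other hosts."""
import ipaddress
import re

RPC_PORT = 8545  # default JSON-RPC port cited in the article

# Constructed sample modelled on `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:8545       0.0.0.0:*
LISTEN  0       128     0.0.0.0:8545         0.0.0.0:*
LISTEN  0       128     [::]:30303           [::]:*
LISTEN  0       128     [::1]:8546           [::]:*
"""

# Matches '1.2.3.4:8545', '[::]:8545' and the wildcard forms '*:8545' / '...:*'.
_ADDR_RE = re.compile(r"^\[?([^\]\s]*)\]?:(\d+|\*)$")

def parse_local_addr(field):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    m = _ADDR_RE.match(field)
    if not m:
        return None, None
    host, port = m.group(1), m.group(2)
    return host, (None if port == "*" else int(port))

def is_exposed(host):
    """True if the bind address accepts connections from other hosts."""
    if host in ("*", ""):
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # unrecognised form: treat as exposed (conservative)
    return addr.is_unspecified or not addr.is_loopback

def find_exposed_rpc(ss_output, port=RPC_PORT):
    """Return the bind addresses on which `port` listens non-locally."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skip the header and non-listening rows
        host, p = parse_local_addr(cols[3])
        if p == port and is_exposed(host):
            exposed.append(host)
    return exposed

if __name__ == "__main__":
    print("exposed JSON-RPC listeners:", find_exposed_rpc(SAMPLE_SS_OUTPUT) or "none")
```

On a real host, feed the output of `ss -ltn` (or `netstat -ltn` with the same column layout) into `find_exposed_rpc`; a loopback-only binding returns an empty list.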

Read more about the massive Ethereum hacking campaign on ZDNet.

Cybercrime and malware, 2019 predictions

It has now become a tradition among cyber-security firms to issue a series of predictions for the upcoming year. While some companies have their malware analysts or their CEOs put out small lists of predictions, others go completely overboard with podcasts and 100-page reports that are just a few pages short of a full book.

ZDNet’s Zero Day security blog has taken a look over most of these reports, has even reached out to some selected researchers, and has compiled a list of predictions most likely to happen next year.

Read the full “meta-list” of cybercrime predictions on ZDNet.

China summons US ambassador and warns of ‘grave consequences’ if Huawei’s CFO is not released

China summoned the US ambassador to Beijing to protest Canada’s detention of a senior executive of Chinese electronics giant Huawei at Washington’s behest, demanding the US cancel the order for her arrest.

The official Xinhua News Agency said Vice Foreign Minister Le Yucheng “lodged solemn representations and strong protests” with Ambassador Terry Branstad on Sunday against the detention of Huawei’s chief financial officer, Meng Wanzhou. Meng, who is reportedly suspected of trying to evade US trade curbs on Iran, was detained on Dec. 1 in Vancouver, Canada.

Read more about the new developments in this story on Business Insider.