Hackers Used Zero-Days to Infect Windows and Android Devices

This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more.

The SolarWinds Hackers Shared Tricks With a Notorious Russian Spy Group

On Monday morning Kaspersky published new evidence of technical similarities between malware used by the mysterious SolarWinds hackers, known by security industry names including UNC2452 and Dark Halo, and the well-known hacker group Turla, believed to be Russian in origin and also known by the names Venomous Bear and Snake.

The Russian Hackers Playing 'Chekhov's Gun' With US Infrastructure

Last week the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency published an advisory warning that a group known as Berserk Bear—or alternately Energetic Bear, TEMP.Isotope, and Dragonfly—had carried out a broad hacking campaign against US state, local, territorial, and tribal government agencies, as well as aviation sector targets.

The Unsinkable Maddie Stone, Google’s Bug-Hunting Badass

Finding previously undiscovered software bugs and motivating developers to patch them quickly is core to the group’s mission: “Make zero-day hard.” But in 2019, the team broadened its focus beyond just disclosing unique zero-days the researchers found themselves to tracking and studying those that hackers actively exploit in the wild—the exact types of flaws Stone had been stamping out on Android. “The key thing to remember is that the problem we’re working on is not theoretical.

The US Sanctions Russians For Potentially ‘Fatal’ Triton Malware

Today the US Treasury imposed sanctions on Russia's Central Scientific Research Institute of Chemistry and Mechanics, the organization that exactly two years ago was revealed to have played a role in the hacking operation that used the malware known as Triton or Trisis, intended to sabotage the Petro Rabigh refinery's safety devices.

US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit

The indictment also lays out new details of Sandworm's targeting of the nation of Georgia in 2019, which included an attempt to compromise the Georgian parliament in addition to a previously known campaign of web defacements across the country's internet, affecting 15,000 sites. Perhaps most significantly, the criminal charges mark the first global law enforcement response targeting Sandworm's hackers for their release of the NotPetya malware that ravaged networks across the world.

A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware

The malware the Kaspersky researchers discovered uses its UEFI foothold to plant a second, more traditional piece of spyware on the computer's hard drive, a unique piece of code Kaspersky has called MosaicRegressor.

Facebook Shut Down Malware That Hijacked Accounts to Run Ads

Today at the digital Virus Bulletin security conference, Facebook researchers presented a detailed picture of how the malware, dubbed SilentFade, actually works and some of its novel methods, including proactively blocking a user's notifications so the victim wouldn't be aware that anything was amiss.

Hackers Target Porn Site Visitors Using Flash and Internet Explorer

Hartford invested roughly $500,000 last year to improve its cybersecurity defenses, and officials said that while this did not stop the attack, it did help the city recover quickly.

Apple Accidentally Approved Malware to Run on MacOS

Wardle notified Apple about the rogue software on August 28 and the company revoked the Shlayer notarization certificates that same day, neutering the malware anywhere that it was installed and for future downloads.

ATM Hackers Have Picked Up Some Clever New Tricks

Criminals have increasingly tuned their malware to manipulate even niche proprietary bank software to cash out ATMs, while still incorporating the best of the classics—including uncovering new remote attacks to target specific ATMs. During Black Hat, Kevin Perlow, the technical threat intelligence team lead at a large, private financial institution, analyzed two cash-out tactics that represent different current approaches to jackpotting.

The NSA and FBI Expose Fancy Bear's Sneaky Hacking Tool

The attack has some important limitations, but it's a good reminder that modern telephony still has more than its share of security holes—and 5G isn't looking that much better.

Crooks Use 'Russian SIMs' to Outfox Law Enforcement

Motherboard this week took a deep dive down the rabbit hole of Russian SIMs, also known as white SIMs, that let criminals spoof phone numbers at will, or in some cases allow for real-time voice manipulation.

New Mac Ransomware Is Even More Sinister Than It Appears

In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in.

The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet

With the specter of the SUV fully exorcised from his mind, he rolled another spliff with the last of his weed, smoked it as he ate his burger, and then packed his bags for the airport, where he was scheduled for a first-class flight home to the UK. Hutchins was coming off of an epic, exhausting week at Defcon, one of the world's largest hacker conferences, where he had been celebrated as a hero.

Spies Say Covid-19 Isn't Manmade

Kicking white nationalists and other extremists off of your platform also seems like it shouldn't be controversial, and yet Steam continues to give neo-Nazis and other bad actors a wide berth. We also took a look at a hacking group that managed to sneak malware into the Google Play Store repeatedly over several years.

Clearview AI's Massive Client List Got Hacked

A declassified study by the intelligence community’s Privacy and Civil Liberties Oversight Board shared with Congress this week revealed that the metadata program cost $100 million, and only on two occasions produced information that the FBI didn’t already possess.

Gmail Is Catching More Malicious Attachments With Deep Learning

Currently 56 percent of malware threats against Gmail users come from Microsoft Office documents, and 2 percent come from PDFs. In the months that it's been active, the new scanner has increased its daily malicious Office document detection by 10 percent.

An AI Virus Warning System, Mac Malware, and More News

But a Canadian health monitoring platform sent news of the outbreak to its customers more than a week earlier, on December 31.

The Sneaky Simple Malware That Hits Millions of Macs

But given that over 100 million people use macOS, and it hits at least 10 percent of those with Kaspersky installed, it’s reasonable to assume that millions of Mac users deal with it every year.

An Alarming Windows Bug, a Triumph for Tesla, and More News

Tesla is surging and Microsoft is purging, but first: a cartoon about wedding software updates. Here's the news you need to know, in two minutes or less. This stock surge may be a sign the company has finally figured out how to deliver on its promises and execute them smoothly.

This Government-Subsidized Phone Comes With Malware

An Android phone subsidized by the US government for low-income users comes preinstalled with malware that can't be removed without making the device cease to work, researchers reported on Thursday.

How Iran's Hackers Might Strike Back After Soleimani's Assassination

Iran has used wipers like Shamoon and Stone Drill to inflict waves of disruption across neighboring countries in the Middle East, starting with an attack in 2012 that destroyed 30,000 Saudi Aramco computers.

The Most Dangerous People on the Internet This Decade

But it makes a few very notable exceptions, including for the North Korean hackers broadly known as Lazarus, which has carried out some of the most aggressive hacking operations ever seen online.

Hackers Can Mess With Voltages to Steal Intel Chips' Secrets

But by momentarily undervolting a processor by 25 or 30 percent, and precisely timing that voltage change, an attacker can cause the chip to make errors in the midst of computations that use secret data.

The First BlueKeep Mass Hacking Is Finally Here—but Don't Panic

But this is the first instance where I’ve seen it being used on a mass scale," says Marcus Hutchins, a malware researcher for security firm Kryptos Logic who was one of the first to build a working proof-of-concept for the BlueKeep vulnerability.

Russian Hackers Are Still Targeting the Olympics

Microsoft notes that the hackers, long believed to be working in the service of the Russian military intelligence agency known as the GRU, began their attacks on September 16, just ahead of reports that the Worldwide Anti-Doping Agency had found "inconsistencies" in Russian athletes' compliance with anti-doping standards, which may lead to the country's ban from the 2020 Tokyo Olympics, just as they were from the Pyeongchang Winter Games in 2018.

Apple Finally Breaks Its Silence on iOS Hacking Campaign

"Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies," wrote a Google spokesperson in response to Apple's statement.

Cops Take Over a Botnet to Clear Malware Off Nearly a Million PCs

But with tensions between the US and China continuing to escalate, The Wall Street Journal reported this week that the effort might not survive a national security review.

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

But Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.

Adware Is the Malware You Should Actually Be Worried About

Distributed largely through the third-party Android app store 9Apps, the adware was originally a more clunky, obvious type of malware that masqueraded as legitimate apps but asked for a suspicious number of device permissions to run and displayed a lot of intrusive ads.