This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more.
On Monday morning Kaspersky published new evidence of technical similarities between malware used by the mysterious SolarWinds hackers, known by security industry names including UNC2452 and Dark Halo, and the well-known hacker group Turla, believed to be Russian in origin and also known by the names Venomous Bear and Snake.
Last week the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency published an advisory warning that a group known as Berserk Bear—or alternately Energetic Bear, TEMP.Isotope, and Dragonfly—had carried out a broad hacking campaign against US state, local, territorial, and tribal government agencies, as well as aviation sector targets.
Finding previously undiscovered software bugs and motivating developers to patch them quickly is core to the group’s mission: “Make zero-day hard.” But in 2019, the team broadened its focus beyond just disclosing unique zero-days the researchers found themselves to tracking and studying those that hackers actively exploit in the wild—the exact types of flaws Stone had been stamping out on Android. “The key thing to remember is that the problem we’re working on is not theoretical.
Today the US Treasury imposed sanctions on Russia's Central Scientific Research Institute of Chemistry and Mechanics, the organization that exactly two years ago was revealed to have played a role in the hacking operation that used the malware known as Triton or Trisis, intended to sabotage the Petro Rabigh refinery's safety devices.
The indictment also lays out new details of Sandworm's targeting of the nation of Georgia in 2019, which included an attempt to compromise the Georgian parliament in addition to a previously known campaign of web defacements across the country's internet, affecting 15,000 sites. Perhaps most significantly, the criminal charges mark the first global law enforcement response targeting Sandworm's hackers for their release of the NotPetya malware that ravaged networks across the world.
The malware the Kaspersky researchers discovered uses its UEFI foothold to plant a second, more traditional piece of spyware on the computer's hard drive, a unique piece of code Kaspersky has called MosaicRegressor.
Today at the digital Virus Bulletin security conference, Facebook researchers presented a detailed picture of how the malware, dubbed SilentFade, actually works and some of its novel methods, including proactively blocking a user's notifications so the victim wouldn't be aware that anything was amiss.
Wardle notified Apple about the rogue software on August 28 and the company revoked the Shlayer notarization certificates that same day, neutering the malware anywhere that it was installed and for future downloads.
Criminals have increasingly tuned their malware to manipulate even niche proprietary bank software to cash out ATMs, while still incorporating the best of the classics—including uncovering new remote attacks to target specific ATMs. During Black Hat, Kevin Perlow, the technical threat intelligence team lead at a large, private financial institution, analyzed two cash-out tactics that represent different current approaches to jackpotting.
The attack has some important limitations, but it's a good reminder that modern telephony still has more than its share of security holes—and 5G isn't looking that much better.
Crooks Use 'Russian SIMs' to Outfox Law Enforcement
Motherboard this week took a deep dive down the rabbit hole of Russian SIMs, also known as white SIMs, that let criminals spoof phone numbers at will, or in some cases allow for real-time voice manipulation.
In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in.
With the specter of the SUV fully exorcised from his mind, he rolled another spliff with the last of his weed, smoked it as he ate his burger, and then packed his bags for the airport, where he was scheduled for a first-class flight home to the UK. Hutchins was coming off of an epic, exhausting week at Defcon, one of the world's largest hacker conferences, where he had been celebrated as a hero.
Kicking white nationalists and other extremists off of your platform also seems like it shouldn't be controversial, and yet Steam continues to give neo-Nazis and other bad actors a wide berth. We also took a look at a hacking group that managed to sneak malware into the Google Play Store repeatedly over several years.
A declassified study by the intelligence community’s Privacy and Civil Liberties Oversight Board shared with Congress this week revealed that the metadata program cost $100 million, and only on two occasions produced information that the FBI didn’t already possess.
Currently 56 percent of malware threats against Gmail users come from Microsoft Office documents, and 2 percent come from PDFs. In the months that it's been active, the new scanner has increased its daily malicious Office document detection by 10 percent.
But given that over 100 million people use macOS, and it hits at least 10 percent of those with Kaspersky installed, it’s reasonable to assume that millions of Mac users deal with it every year.
Tesla is surging and Microsoft is purging, but first: a cartoon about wedding software updates. Here's the news you need to know, in two minutes or less. This stock surge may be a sign the company has finally figured out how to deliver on its promises and execute them smoothly.
Iran has used wipers like Shamoon and Stone Drill to inflict waves of disruption across neighboring countries in the Middle East, starting with an attack in 2012 that destroyed 30,000 Saudi Aramco computers.
But it makes a few very notable exceptions, including for the North Korean hackers broadly known as Lazarus, which has carried out some of the most aggressive hacking operations ever seen online.
But this is the first instance where I’ve seen it being used on a mass scale," says Marcus Hutchins, a malware researcher for security firm Kryptos Logic who was one of the first to build a working proof-of-concept for the BlueKeep vulnerability.
Microsoft notes that the hackers, long believed to be working in the service of the Russian military intelligence agency known as the GRU, began their attacks on September 16, just ahead of reports that the Worldwide Anti-Doping Agency had found "inconsistencies" in Russian athletes' compliance with anti-doping standards, which may lead to the country's ban from the 2020 Tokyo Olympics, just as they were from the Pyeongchang Winter Games in 2018.
But with tensions between the US and China continuing to escalate, The Wall Street Journal reported this week that the effort might not survive a national security review.
But Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.
Distributed largely through the third-party Android app store 9Apps, the adware was originally a more clunky, obvious type of malware that masqueraded as legitimate apps but asked for a suspicious number of device permissions to run and displayed a lot of intrusive ads.