The computer and software security thread
Re: The computer and software security thread
Powerful cyber spy tool linked to US-led effort
A powerful cyberspying tool can tap into millions of computers worldwide through secretly installed malware, security researchers say, with many signs pointing to a US-led effort.
A report released Monday by the Russia security firm Kaspersky Lab did not identify the source of the campaign but said it had similarities to Stuxnet, a cyberweapon widely believed to have been developed by the United States and Israel to thwart Iran's nuclear program.
Kaspersky said the campaign "surpasses anything known in complexity and sophistication" in terms of cyber spying, and had been used at least as far back as 2001 by a team dubbed "the Equation group."
"The Equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen," the report said.
The spying relied on a computer worm Kaspersky dubbed "Fanny," often infecting a computer via a USB stick, and carried out at least two "exploits" to steal information from computers in the Middle East and Asia, the report said.
The evidence shows Equation and Stuxnet developers "are either the same or working closely together," the researchers said.
http://www.bangkokpost.com/tech/world-u ... ked-to-nsa
A powerful cyberspying tool can tap into millions of computers worldwide through secretly installed malware, security researchers say, with many signs pointing to a US-led effort.
A report released Monday by the Russia security firm Kaspersky Lab did not identify the source of the campaign but said it had similarities to Stuxnet, a cyberweapon widely believed to have been developed by the United States and Israel to thwart Iran's nuclear program.
Kaspersky said the campaign "surpasses anything known in complexity and sophistication" in terms of cyber spying, and had been used at least as far back as 2001 by a team dubbed "the Equation group."
"The Equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen," the report said.
The spying relied on a computer worm Kaspersky dubbed "Fanny," often infecting a computer via a USB stick, and carried out at least two "exploits" to steal information from computers in the Middle East and Asia, the report said.
The evidence shows Equation and Stuxnet developers "are either the same or working closely together," the researchers said.
http://www.bangkokpost.com/tech/world-u ... ked-to-nsa
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson
Re: The computer and software security thread
They must have hired a good private contractor. The U.S. government are not even able to build a working web page for health insurance after two and a half years and millions (probably billons) of dollars spent.
My brain is like an Internet browser; 12 tabs are open and 5 of them are not responding, there's a GIF playing in an endless loop,... and where is that annoying music coming from?
Re: The computer and software security thread
Such outcomes of government projects are intentional. The perfect project is one that's close enough to working as planned that congress continues to throw money at it for years or decades.hhfarang wrote:They must have hired a good private contractor. The U.S. government are not even able to build a working web page for health insurance after two and a half years and millions (probably billons) of dollars spent.
Firefox 36
'Firefox 36 arrives with full HTTP/2 support and a new design for Android tablets'
http://venturebeat.com/2015/02/24/firef ... d-tablets/
http://venturebeat.com/2015/02/24/firef ... d-tablets/
My brain is like an Internet browser; 12 tabs are open and 5 of them are not responding, there's a GIF playing in an endless loop,... and where is that annoying music coming from?
Re: The Digital Surgery
Has anybody run up against this virus? My friend in Australia just got hit with it a few days ago. She has had somebody clear it, but claims that she still has "locked" files.
Going on the date in the link, this should not still be active. Is it possible that it has come from another source?
They demanded $500 for the key, but she had somebody clear it for her without paying.
http://www.bbc.com/news/technology-28661463
Going on the date in the link, this should not still be active. Is it possible that it has come from another source?
They demanded $500 for the key, but she had somebody clear it for her without paying.
http://www.bbc.com/news/technology-28661463
May you be in heaven half an hour before the devil know`s you`re dead!
Re: The computer and software security thread
^ more on that type of virus...
"What to do if your computer is taken over by ransomware — a form of malware taking over the internet"
http://www.businessinsider.com/heres-wh ... are-2015-6
"What to do if your computer is taken over by ransomware — a form of malware taking over the internet"
http://www.businessinsider.com/heres-wh ... are-2015-6
My brain is like an Internet browser; 12 tabs are open and 5 of them are not responding, there's a GIF playing in an endless loop,... and where is that annoying music coming from?
Re: The computer and software security thread
You may see Flashplayer blocked warnings on Firefox and this would be why:
Firefox blacklists Flash player due to unpatched 0-day vulnerabilities
There's some drama going down in the Flash camp. Yesterday, because of two unpatched Hacking Team zero-day vulnerabilities, Mozilla blacklisted Adobe Flash Player 18.0.0.203, meaning Flash was disabled by default in Firefox. This morning, just a few moments ago, Adobe rushed out version 18.0.0.209, plugging the two vulnerabilities.
Meanwhile, over at Facebook, the company's new chief security officer called for Adobe to "announce an end-of-life date for Flash," so that we can finally "disentangle the dependencies and upgrade the whole ecosystem."
And if two Web giants weren't enough, Google recently announced that the next stable version of Chrome would "intelligently" block auto-playing Flash elements.
http://arstechnica.com/security/2015/07 ... abilities/
To update it go to Firefox Plugins, click update and follow onscreen instructions.
Firefox blacklists Flash player due to unpatched 0-day vulnerabilities
There's some drama going down in the Flash camp. Yesterday, because of two unpatched Hacking Team zero-day vulnerabilities, Mozilla blacklisted Adobe Flash Player 18.0.0.203, meaning Flash was disabled by default in Firefox. This morning, just a few moments ago, Adobe rushed out version 18.0.0.209, plugging the two vulnerabilities.
Meanwhile, over at Facebook, the company's new chief security officer called for Adobe to "announce an end-of-life date for Flash," so that we can finally "disentangle the dependencies and upgrade the whole ecosystem."
And if two Web giants weren't enough, Google recently announced that the next stable version of Chrome would "intelligently" block auto-playing Flash elements.
http://arstechnica.com/security/2015/07 ... abilities/
To update it go to Firefox Plugins, click update and follow onscreen instructions.
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson
Re: The computer and software security thread
^ I didn't know why it was disabled by FireFox, but I'm finding that I kind of like it as mostly what is blocked are ads and unwanted pop-ups. And FireFox gives me a message at the top of the window that a "flash" was blocked (at least with the pop-ups) and gives me the option to unblock them on a one by one basis anyway.
My brain is like an Internet browser; 12 tabs are open and 5 of them are not responding, there's a GIF playing in an endless loop,... and where is that annoying music coming from?
Re: The Digital Surgery
How to protect yourself now from "shockwave flash" and other script vulnerabilities:
https://www.yahoo.com/tech/what-is-adob ... 58879.html
https://www.yahoo.com/tech/what-is-adob ... 58879.html
My brain is like an Internet browser; 12 tabs are open and 5 of them are not responding, there's a GIF playing in an endless loop,... and where is that annoying music coming from?
Re: The computer and software security thread
Android flaw lets hackers break in with text message
Cyber security firm Zimperium has warned of a flaw in the world's most popular smartphone Android operating system that lets hackers take control with a text message.
"Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS (text message)," Zimperium Mobile Security said in a blog post.
"A fully weaponized successful attack could even delete the message before you see it. You will only see the notification."
Android code dubbed "Stagefright" was at the heart of the problem, according to Zimperium.
Stagefright automatically pre-loads video snippets attached to text messages to spare recipients from the annoyance of waiting to view clips.
Hackers can hide malicious code in video files and it will be unleashed even if the smartphone user never opens it or reads the message, according to research by Zimperium's Joshua Drake.
"The targets for this kind of attack can be anyone," the cyber security firm said, referring to Stagefright as the worst Android flaw discovered to date.
"These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited."
Malicious code executed by hackers could take control of smartphones and plunder contents without owners knowing.
http://www.bangkokpost.com/news/world/6 ... xt-message
Cyber security firm Zimperium has warned of a flaw in the world's most popular smartphone Android operating system that lets hackers take control with a text message.
"Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS (text message)," Zimperium Mobile Security said in a blog post.
"A fully weaponized successful attack could even delete the message before you see it. You will only see the notification."
Android code dubbed "Stagefright" was at the heart of the problem, according to Zimperium.
Stagefright automatically pre-loads video snippets attached to text messages to spare recipients from the annoyance of waiting to view clips.
Hackers can hide malicious code in video files and it will be unleashed even if the smartphone user never opens it or reads the message, according to research by Zimperium's Joshua Drake.
"The targets for this kind of attack can be anyone," the cyber security firm said, referring to Stagefright as the worst Android flaw discovered to date.
"These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited."
Malicious code executed by hackers could take control of smartphones and plunder contents without owners knowing.
http://www.bangkokpost.com/news/world/6 ... xt-message
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson
Re: The computer and software security thread
"Scammers Are Using Google Drive to Steal Your Logins – Here’s How to Stay Safe"
https://www.yahoo.com/tech/scammers-are ... 85634.html
https://www.yahoo.com/tech/scammers-are ... 85634.html
My brain is like an Internet browser; 12 tabs are open and 5 of them are not responding, there's a GIF playing in an endless loop,... and where is that annoying music coming from?
Re: The computer and software security thread
My brain is like an Internet browser; 12 tabs are open and 5 of them are not responding, there's a GIF playing in an endless loop,... and where is that annoying music coming from?
Re: The computer and software security thread
"Aggressive android ransomware in USA: Tricks users with adult videos"
http://www.welivesecurity.com/2015/09/1 ... n-the-usa/
http://www.welivesecurity.com/2015/09/1 ... n-the-usa/
My brain is like an Internet browser; 12 tabs are open and 5 of them are not responding, there's a GIF playing in an endless loop,... and where is that annoying music coming from?
Re: The computer and software security thread
Thailand at high risk for ransomware, malware
Ransomware attacks, exploit kits and ATM malware are the biggest cybersecurity threats in Thailand, says a global security software company.
"Thailand ranked among the top 10 countries in Asia-Pacific with the most number of ransomware attacks," said Myla Pilao, technology marketing director at Trend Micro.
In the first half of 2016, she said the number of ransomware-related attacks in Thailand accounted for 12% of Asia-Pacific's overall incidents and 1.5% of the total worldwide.
Ransomware has increased significantly in the first half of 2016, including a 172% rise in new ransomware families, and ransomware victims paid out over US$209 million, she said.
Ransomware is a type of malware that holds computers or files for ransom by encrypting files or locking the desktop or browser systems that are infected with it, then demanding a ransom in order to regain access.
Ms Pilao said ransomware is not just a threat for consumers to worry about, as it is being used in attacks on enterprises, particularly files related to databases.
ATM malware has been present the past decade in other regions, but recent incidents in Thailand show the country is now under threat, she said.
Ms Pilao said policymakers in Thailand should implement a disclosure regulation to mandate financial institutions disclose cyberincidents to the public.
To prevent such incidents, banks need to update their security patches for software and networks to prevent cyberattacks in their organisations.
Stricter measures are also needed to prevent suspicious activities such as physical attacks on ATM machines, she said.
Organisations should start re-evaluating their cybersecurity strategies and devise a multi-layered approach against ransomware, said Ms Pilao.
Piyatida Tanrakul, country manager of Trend Micro (Thailand), said in light of the recent ATM malware attacks in Thailand, local banks are beefing up their cybersecurity projects. They have promised to deploy new security systems within two months.
Mid-sized companies and the manufacturing sector are investing in cybersecurity solutions to prevent ransomware, she said.
http://www.bangkokpost.com/business/new ... ransomware
Ransomware attacks, exploit kits and ATM malware are the biggest cybersecurity threats in Thailand, says a global security software company.
"Thailand ranked among the top 10 countries in Asia-Pacific with the most number of ransomware attacks," said Myla Pilao, technology marketing director at Trend Micro.
In the first half of 2016, she said the number of ransomware-related attacks in Thailand accounted for 12% of Asia-Pacific's overall incidents and 1.5% of the total worldwide.
Ransomware has increased significantly in the first half of 2016, including a 172% rise in new ransomware families, and ransomware victims paid out over US$209 million, she said.
Ransomware is a type of malware that holds computers or files for ransom by encrypting files or locking the desktop or browser systems that are infected with it, then demanding a ransom in order to regain access.
Ms Pilao said ransomware is not just a threat for consumers to worry about, as it is being used in attacks on enterprises, particularly files related to databases.
ATM malware has been present the past decade in other regions, but recent incidents in Thailand show the country is now under threat, she said.
Ms Pilao said policymakers in Thailand should implement a disclosure regulation to mandate financial institutions disclose cyberincidents to the public.
To prevent such incidents, banks need to update their security patches for software and networks to prevent cyberattacks in their organisations.
Stricter measures are also needed to prevent suspicious activities such as physical attacks on ATM machines, she said.
Organisations should start re-evaluating their cybersecurity strategies and devise a multi-layered approach against ransomware, said Ms Pilao.
Piyatida Tanrakul, country manager of Trend Micro (Thailand), said in light of the recent ATM malware attacks in Thailand, local banks are beefing up their cybersecurity projects. They have promised to deploy new security systems within two months.
Mid-sized companies and the manufacturing sector are investing in cybersecurity solutions to prevent ransomware, she said.
http://www.bangkokpost.com/business/new ... ransomware
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson
WannaCry: How to stay safe from the deadly ransomware if you own a Windows PC
"A deadly ransomware named WannaCrypt or WannaCry is holding hostage troves of data across the globe, until their owners pay up. The hackers are still unknown but institutions and individuals across nearly 100 countries have been infected with over 100,000 attacks.
The ransomware exploits a Windows vulnerability for which Microsoft released a patch but most older systems like Windows XP, Windows 2003 and more have failed to install it. Microsoft has acknowledged the great ransomware threat and issued security guidance for all Windows users on how to protect your data. ..."
https://www.yahoo.com/tech/wannacry-sta ... 31934.html
The ransomware exploits a Windows vulnerability for which Microsoft released a patch but most older systems like Windows XP, Windows 2003 and more have failed to install it. Microsoft has acknowledged the great ransomware threat and issued security guidance for all Windows users on how to protect your data. ..."
https://www.yahoo.com/tech/wannacry-sta ... 31934.html
My brain is like an Internet browser; 12 tabs are open and 5 of them are not responding, there's a GIF playing in an endless loop,... and where is that annoying music coming from?