Articles about Security

Word vulnerability, Windows bug, and 'Trump's_Attack_on_Syria' document used in Sednit phishing attack

The Sednit group, believed to have been involved in interference with the French election, was also responsible for a phishing attack that used President Trump to lure in victims. Security firm ESET analyzed a phishing email with an attachment named Trump's_Attack_on_Syria_English.docx and found that it had the hallmarks of the well-known group.

The document was engineered to infect victims' computers with the Seduploader tool, and it did this by exploiting two vulnerabilities, one in Microsoft Word, and one in Windows. Sednit -- previously known as APT28, Fancy Bear, and Sofacy -- took advantage of a recently discovered Remote Code Execution vulnerability in Word (CVE-2017-0262) as well as a security hole in Windows (CVE-2017-0263) in executing the attack.

Netrepser malware targets government agencies

Researchers at cyber security firm Bitdefender recently unveiled a new targeted attack and named it Netrepser. What makes this threat different from other APTs (advanced persistent threats) is that it was built with readily available software tools.

The goal of Netrepser, according to Bitdefender, is to steal data from government agencies. There is no information on which agencies were targeted. Netrepser uses multiple methods to get its tiny digital hands on the victim's information, from keylogging, to password theft, to cookie theft. At the very heart of this tool is a "legitimate, yet controversial" recovery toolkit provided by Nirsoft.

Serious app permissions flaw will not be fixed until Android O, leaving users at risk

The security of Android has been questioned many times, but the general thinking is that installing apps from Google Play offers a decent level of protection. But research by Check Point shows that this is not the case due to a flaw in permissions.

The permission model used by Google grants apps installed from the Play Store extensive access, and opens up the risk of malware, ransomware and other threats. Google is aware of the problem, but does not plan to address it until the release of Android O, meaning that an unknown number of apps pose a risk to millions of users.

McAfee will provide protection for a range of Samsung products... including TVs

We live in strange times when security software is needed for TVs -- although given recent WikiLeaks revelations, it's perhaps not entirely surprising -- but this is precisely what McAfee is providing. The security firm today announces an expansion of its partnership with Samsung, and this sees the company providing protective software that will be pre-installed on a range of devices.

As well as smart TVs, McAfee will also be offering security software for Samsung PCs and smartphones. A recent survey by McAfee found that consumer concerns "underscore the need for robust cross-device security," but is the company using this as a money-making venture?

Ransomware remains profitable as 47 percent fall victim to attacks

Ransomware is one of the most successful and profitable weapons in the cyber criminal's armory, partly because it leverages an old-fashioned crime in a new digital format.

A new study by Barracuda Networks reveals that 92 percent of people surveyed are concerned about ransomware hitting their organization, and 47 percent of respondents have been a victim of ransomware themselves.

New solution aids forensic investigation of mobile devices

Whether it's due to a specific cyber attack, theft of data, or a wider criminal investigation, it's increasingly necessary to be able to capture evidence from mobile devices.

Forensic investigation software specialist Guidance Software is launching a new version of its EnCase product aimed at safely gathering data from mobiles.

Comodo launches free enterprise threat analysis

Data breaches not only cost businesses money in the short term, they can cause long term reputational damage as stolen details turn up for sale in dark corners of the internet.

Cyber security company Comodo is offering enterprises with more than 1,000 employees a free 'Company Threat Analysis' to determine if their sensitive information is for sale on the Dark Web and, if so, how to prevent compromises from happening again.

Open source password strength meter could help boost account security

It's no secret that most people are rubbish at choosing passwords -- it's something that's proved time and time again when the annual list of common passwords is released. To help overcome the problem, and hopefully increase the security of people's accounts, a team of researchers from Carnegie Mellon University and the University of Chicago have created an open source password meter that provides advice about how to strengthen a password.

While it's quite common to encounter online forms that require you to create passwords that meet certain criteria, it still does not necessarily mean they are secure. CyLab Usable Privacy and Security Laboratory (CUPS), in conjunction with the Institute for Software Research, has created a tool that provides real-time feedback that helps to explain why a password is insecure, and offers tips about how to strengthen it.

Online daters receive explicit emails after Guardian Soulmates website suffers data breach

A number of people who were members of the dating website Guardian Soulmates had their email addresses exposed following a data breach. The exposure of usernames and email addresses led to some users receiving explicit emails.

Human error has been blamed for the breach, with site owner Guardian News and Media (GNM) saying that the problem stemmed from a third-party technology provider. The issues meant that private details were made available via users' public profiles.

Google Project Zero security researchers discover 'crazy bad' Windows exploit

Google’s Project Zero identifies bugs and security flaws in commonly used software, and gives firms 90 days to patch them before going public. This is an approach which doesn’t always go down well -- a case in point being when Google recently released details of a Windows bug after Microsoft failed to patch it in time.

Now two Project Zero security researchers claim to have found a new critical remote code execution (RCE) vulnerability in Windows which they describe as the "worst in recent memory" and "crazy bad".

Weird Microsoft Edge bug means the browser prints different numbers than it displays

Anyone using Microsoft Edge to "print to PDF" is advised to double-check their files after a strange bug was detected. The problem is reminiscent of a bug that afflicted Xerox photocopiers a couple of years ago, and sees the browser displaying one set of numbers and printing another.

Microsoft has confirmed the existence of the bug which has the potential to cause serious issues with mission-critical data. The person who originally reported the problem cites an example in which Windows 10's default web browser "displays 123456 in PDF but prints 114447."

How secure operating systems can help protect endpoints [Q&A]

Endpoints are often the weakest links in any IT system, but protecting them effectively now means much more than simply guarding against malware.

As businesses rely more on the cloud and on web-based applications, the endpoint provides a gateway that can be vulnerable to attack.

HandBrake for Mac server compromise means downloaders have 50-50 chance of Proton RAT malware infection

Anyone who downloaded the Mac video transcoder HandBrake in the last few days stands a 50 percent chance of being infected with a Trojan. The download for version 1.0.7 of HandBrake was infected after the mirror download server was compromised.

The Trojan allows for an attacker to remotely access an infected computer, and a malware-laced version of the app was made available for download between May 2 and May 6. If you downloaded the app in this window, you're advised to check the SHA1/256 sum, and if you have gone as far as installing the software, there are steps to take to determine if you're infected and remove the malware if you are.

More Vault 7 leaks from WikiLeaks: Archimedes is the CIA's man-in-the-middle hacking tool

WikiLeaks continues to release revealing documents from its Vault 7 cache. This time around the organization introduces us to a CIA tool called Archimedes -- previously known as Fulcrum.

As before, there is little to confirm whether or not the tool is still in active use -- or, indeed, if it has actually ever been used -- but the documentation shows how it can be installed on a LAN to perform a man-in-the-middle attack.

Emmanuel Macron hit by EMLEAKS email hack ahead of French election head-to-head with Le Pen

Left-wing French presidential hopeful Emmanuel Macron has been hit by a "massive and coordinated" hack attack just before voters go to the polls. A 9GB cache of emails and photos was dumped as a torrent on Pastebin by a leaker by the name of EMLEAKS. The torrent was initially hosted on Archive.org.

It was quickly pulled offline, but not before it had spread far and wide on social media. Released just before midnight on Friday night, the leak was timed to prevent Macron from responding. French election rules forbid candidates from engaging in any form of campaigning immediately before polls open.

© 1998-2026 BetaNews, Inc. All Rights Reserved.