TweakTown NewsRefine News by Category:
Newer generations of malware are finding their way to virtual machines - and instead of fleeing like before - are still executing when on VM. At least 70 percent of companies plan to utilize server virtualization by the end of 2015, so malware reaching the virtual machines could prove problematic.
In a study of 200,000 malware samples, analyzed on both VM and non-VM machines by Symantec, only 18 percent wouldn't operate on a virtual machine.
"The host server, as well as any virtual machine running on it, needs to be protected against malware," said Liam O'Murch, Symantec Security Response researcher, in a statement to SCMagazine. "To achieve this, advanced malware protection with proactive components that go beyond the classical static antivirus scanner needs to be in place. This can be agentless on the hypervisor or in the guest image themselves."
Suspected foreign-based cyberattackers hit the Tuscaloosa Police Department earlier in the week, disrupting phone lines at the Alabama station for a short time. The distributed denial-of-service (DDoS) attack took place 5:30 p.m. local time on Tuesday, with the phone system slammed by irrelevant phone calls.
Cyberattacks are not uncommon, but are highly disruptive when they hit police and emergency responders. The TPD is working with federal authorities and will no longer allow blocked numbers or international phone numbers to dial non-911 administration lines. The changes will have no impact on 911 emergency lines reaching the call center, officials noted.
Another local business received up to 184 phone calls in a short time before unplugging the phone - with the caller reportedly saying they were trying to collect a debt.
An unnamed 19-year-old software engineering student, identified only as "Li," was arrested just 17 hours after his "Heart App" Google Android malware infected more than 100,000 phones. The malware was able to spread so quickly by relying on the contact lists of compromised devices, with users downloading the fake app, which then sent out a text urging users to download the app as well.
Chinese wireless carriers were quick to block more than 20 million infected messages from being sent out to new users. The 19-year-old will be identified following completion of the investigation by Shenzhen police, where the student went for vacation. It seems the custom malware was designed just as proof of his ability to write code.
To uninstall the malware, Sophos recommends the following: head to Settings | Apps | Downloaded and uninstall XXshenqi app.
Although the U.S. government is desperate to improve its own cyber defense ability, the NSA already has sophisticated cyberwarfare tools at its disposal. A custom program is able to track down cyberattacks from foreign-based criminals, and then can respond with an attack in an automated fashion without a security specialist present.
Dubbed "MonsterMind," the NSA uses the software to identify traffic patterns - likely from Eastern Europe and China - able to block attacks from damaging U.S. infrastructure and automatically respond against attackers.
"The government has used excessive secrecy to prevent real debate over the wisdom and legality of many of its most sweeping surveillance programs," said Alex Abdo, ACLU staff attorney, in an email to ComputerWorld. " This newly described program is just another example of that secrecy. If the government truly is scanning all internet traffic coming into the United States for suspicious content, that would raise significant civil liberties questions."
New "security intelligence" has led Manchester United to ban tablets and laptops from the Old Trafford stadium located in Old Trafford, Greater Manchester. Greater Manchester Police will not be involved in the ban, and includes both smaller and larger tablets. Smartphones that are 5.9" x 3.9" or smaller will still be allowed into the arena without a problem.
Stadium officials noted it would be "impractical" for each fan to power up tablets and laptops as they enter the arena - unlike at airports, where passengers will be able to quickly show that they have a legitimate electronic device.
The first two quarters of 2014 again revealed cyberthreats, data breaches and high-risk cyber vulnerabilities that companies struggle to keep up with, according to a new report from security firm Trend Micro.
Consumers face issues such as data theft of customer names, passwords, email addresses, home addresses, phone numbers, and birth dates. Cybercriminals are finding ways to steal this type of information directly from consumers, or compromising companies.
"Organizations must treat information security as a primary component of a long-term business strategy rather than handling security issues as a tertiary, minor setbacks," said Raimund Genes, Trend Micro CTO, in a press statement. "Similar to having a business strategy to improve efficiency, a well-thought-out security strategy should also improve current protection practices that achieve long-term benefits. The incidents observed during this quarter further establish the need for a more comprehensive approach to security."
The "I am the Calvary" security group hopes to bridge the gap between automakers and security researchers, in an effort to keep connected vehicles more secure. The group wants to see the following: design security, development and testing phase, collaboration with researchers, and helping automakers provide assurance of connected security updates.
"We don't need to wait for bad things [to happen] before starting to take safety into our design [considerations]," said Joshua Corman, Sonatype CTO and I am the Calvary co-founder, in a statement. "It takes a very long time to develop technologies and get them in the market. What we start today may not manifest for several years."
As newer vehicles rely on connected features, such as GPS, radio, and other Internet-based solutions, there is growing concern cybercriminals will be able to exploit these new features.
A new spear phishing attempt posing as a message from the Clearview Federal Credit Union has led to an investigation from the FBI, with messages asking both members and non-members about their accounts. The attacks include phone calls, emails and text messages, warning of debit card suspensions because of "an error of (Clearview's) internal processors."
Spear phishing attacks targeted selected groups with custom attacks, as cybercriminals try to compromise users as quickly and efficiently as possible. The stolen data is quickly sold or traded online, with criminals moving on to other targets.
"It's important to be cognizant of ways to protect your individual identity," said Christianne Gribben, Clearview spokeswoman, in a public statement. "If anyone has submitted their personal information through these avenues, member or not, they should contact their financial institutions immediately."
Organized cybercriminals are targeting Eastern Bloc politicians and embassies, and it's still unknown who is behind the attacks, according to security firm Symantec. The attack began with a former Soviet Union country infected, which led to 60 other computers being compromised - and the infections spread throughout the rest of the year and into 2013.
"Because of the targets chosen and the advanced nature of the malware used, Symantec believes that a state-sponsored group was behind these attacks," according to Symantec. "The current campaign is the work of a well-resourced and technically competent attack group that is capable of penetrating many network defenses. It is focused on targets that would be of interest to a nation state, with spying and theft of sensitive data among its objectives."
There is growing concern of state-sponsored attacks against political rivals, with China and Russia typically blamed - but groups stemming from Iran and other foreign governments have stepped up their cyber initiatives to conduct cyberespionage.
Florida-based TotalBank is informing around 72,500 of its customers of a data breach that involves personal information ranging from names, banking information, account balances, PIN numbers, and possible Social Security numbers.
"An unauthorized third party" was able to compromise the TotalBank network, with bank officials notifying customers starting in early July. "The information did not include customer passwords or the type of information that would allow access to your bank account, which remains secure," said Luis de la Aguilera, TotalBank President and CEO.
There is a stronger call for the U.S. government to force banks - which already have stricter security protocols in place - to keep their customers safe. Cybercriminals find it extremely easy to sell and trade bulk information in organized underground forums.