Tag: malware

UEFI: Security, BIOS and the Internet of Things

One of the notable trends in recent years has been the drive, among malicious actors, to compromise devices in new- and hard-to-detect ways. An area of interest and exploration is malicious software that can attack a computer’s BIOS – the small bit of code that runs when a computing device is first powered on. BIOS malware is so powerful because it offers adversaries the possibility of getting a foothold on systems prior to an operating system and the security features- and applications that run there. Successful BIOS attacks give attackers almost total control over the system they are installed on. BIOS malware isn’t a new idea. In fact, it has been around since the late 1990s, when the Chernobyl Virus was identified. That virus could wipe a machine’s BIOS, a well as the contents of its hard drive. But BIOS threats have been getting more attention lately. Proof of concept malware appeared as recently […]

Continue Reading

Gameover Not The End: Zeus Malware Still Threatens Fortune 500

Prolexic, a division of Akamai, issued an advisory to Fortune 500 firms on Monday about what it calls “a high-risk threat of continued breaches from the Zeus framework.” The company’s Security Engineering & Response Team (PLXsert) said on Monday that it has observed new payloads from the Zeus crimeware kit in the wild, and that networks of Fortune 500 companies are a prime target. Cyber crime groups are using Zeus to steal login credentials and gain access to web-based enterprise applications, as well as online banking accounts, Akamai warned. “The Zeus framework is a powerhouse crimeware kit that enterprises need to know about to better defend against it,” said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai, in a statement. “It’s hard to detect, easy to use, and flexible – and it’s being used to breach enterprises across multiple industries.” A variant of Zeus, Gameover, was the subject […]

Continue Reading

iPhone and iPad Hijacking: What You Need To Know

The past 24 hours has seen a spate of stories warning about a spate of ‘ransomware’ attacks on iPhones and iPads – especially in the the UK and Australia. According to the reports, compromised devices are locked and owners are instructed to email a ransom (variously: $100, $50, €100) to one “Oleg Pliss” to have their devices unlocked. These attacks aren’t really news. In fact, the Oleg Pliss scam appears to have been circulating for close to six months. However, it’s worthwhile reviewing what we do (and don’t) know about these latest attacks on mobile devices. Accordingly, Security Ledger has put together a short FAQ that tells you what you need to know about the latest mobile scam, and to dispel some of the rumors floating around in the Internet ether. What’s Going On? According to news reports and complaints on Apple Support forums, owners of iPhones and iPads are having their devices locked. […]

Continue Reading

Akamai: New DoS Tool Leads To Resurgence of SNMP Attacks

The security firm Akamai issued an advisory to customers on Thursday warning that a new software tool for managing distributed denial of service (DDoS) attacks was leading to a resurgence in large-scale attacks that use Simple Network Management Protocol (SNMP) traffic to overwhelm web sites.   The Threat Advisory (reg wall) was issued by Akamai’s Prolexic Security Engineering and Response Team (or PLXsert). According to the advisory, Akamai began noticing a resurgence in DDoS attacks using SNMP on April 11. The company said that firms in industry verticals including consumer goods, gaming, online hosting and Software-as-a-Service and non-profits had all been targeted.   [Read more Security Ledger coverage of DDoS attacks here.] The company has identified new- and updated tools in the cyber underground, including one dubbed SNMP Reflector – that are enabling the attacks. Simple Network Management Protocol (SNMP) is a protocol that is used for managing devices on a network including […]

Continue Reading

Cisco: Microsoft Silverlight Exploits Fueling Drive-By Attacks

Cisco Systems is warning that Silverlight exploits are being used in a rash of drive-by-download attacks, many tied to malicious advertising (or ‘malvertising’) campaigns. Writing on Cisco’s blog, Levi Gundert of Cisco’s Threat Research Analysis and Communications (TRAC) team said that Silverlight exploits are the “flavor of the month” and have been added to the popular Angler exploit kit since late April. “Since April 23rd we have observed substantial traffic (often from Malvertising) being driven to Angler instances partially using Silverlight exploits,” Gundert wrote. Attacks leveraging vulnerable instances of Silverlight are actually outstripping attacks against Java and Adobe Flash – the two platforms that have long been the preference of cyber criminal groups and exploit kit authors. Silverlight was the subject of a patch in March, MS04-014, to fix a vulnerability that could allow remote attackers to bypass a security feature. The vulnerability would allow an attacker who controls an attack website to launch specially […]

Continue Reading
1 37 38 39 40 41 57