Viruses & Malware

Data-wiping malware targets Europe

posted on March 7, 2017
by l33tdawg

Shamoon—the mysterious disk wiper that popped up out of nowhere in 2012 and took out more than 35,000 computers in a Saudi Arabian-owned gas company before disappearing—is back. Its new, meaner design has been unleashed three times since November. What's more, a new wiper developed in the same style as Shamoon has been discovered targeting a petroleum company in Europe, where wipers used in the Middle East have not previously been seen.

Newly Discovered Android Trojan Hijacks Routers

posted on January 3, 2017
by l33tdawg

The most common way for threat actors to compromise a network router is to attack it directly. The other and potentially more scalable way is to try and get individual users to unwittingly do it for them.

Security researchers at Kaspersky Lab have discovered a dangerous new Trojan dubbed Switcher that is designed to infect and hijack WiFi routers via compromised Android end user devices.

Three hospitals in England cancel operations over computer virus

posted on November 1, 2016
by l33tdawg

Planned operations and outpatient appointments have been cancelled at three hospitals in northeastern England after a computer virus infected a health service network, the National Health Service Trust said.

In a post on its website, the Northern Lincolnshire and Goole NHS Foundation Trust called the attack a "major incident" and said it had cancelled all planned operations, outpatient appointments and diagnostic procedures for Wednesday.

Nymaim malware got a major 'upgrade', says Verint

posted on November 1, 2016
by l33tdawg

The miscreants behind the Nymaim malware dropper have updated their code to include better obfuscation and blacklisting against security software.

Analytics outfit Verint, which discovered the latest version and offers its analysis here, says the new code base targets phishing rather than the drive-by-download approach favoured by the original version of the malware.

CallJam malware infects Androids and keeps ringing premium rate numbers

posted on September 11, 2016
by l33tdawg

A new mobile malware known as "CallJam" loves to continuously hit up premium phone numbers from the Android devices it infects.

Just like other Android trojans (such as Android.Xiny.19.origin and the DroidJack remote access tool), CallJam likes to masquerade as downloadable games in the official Google Play Store.

Specifically, this particular malware takes the form of a game called "Gems Chest for Clash Royale." As many as 500,000 people have downloaded the malicious app since someone first uploaded it to the Google Play Store back in May 2016.

Security Think Tank: Malware infection is inevitable, so be prepared

posted on September 5, 2016
by l33tdawg

Malware is nothing new, yet malware infections are on the rise – but why is that? Why aren’t the defences we have been putting in place for the past 20 years effective? Let’s look at why.

Malware creation is no longer in the hands of expert hackers. Anybody with a computer can make their own custom malware, given the prolific rise in malware-creation kits. Buy the software, point, click and you have your own custom malware. You can hide it in a PDF, a Microsoft Word document or ZIP file.

BitTorrent app Transmission once again source of macOS malware

posted on August 30, 2016
by l33tdawg

Once again, BitTorrent client Transmission has distributed malware to some users through an altered installer, with downloaders of the software on Aug. 28 and 29 probably infected by the "Keydnap" package.

The previous version of Keydnap required users to click on a maliciously formed file, which then opened the installer in Terminal. The malware then waited to install until the next app was launched, and popped up a dialog box asking for authentication.

Westin, Marriott, and Hyatt hotels hit with payment malware

posted on August 15, 2016
by l33tdawg

HEI Hotels has issued a notice alerting its customers about a credit card breach. The company first became aware of the issue when its bank card processor told it there was a possible security issue at play. HEI Hotels initiated what it says was an “extensive forensic investigation,” which turned up malware installed on payment processing systems at certain hotels. The current list of affected locations includes hotels under the Marriott, Hyatt, and Westin chains, among others.

Dridex Malware Now Used For Stealing Payment Card Data

posted on April 11, 2016
by l33tdawg

New analysis of the command and control panel and attack mechanisms of the Dridex banking Trojan shows the malware is being used in a wider range of malicious campaigns -- and likely by a different set of threat actors than before.

Spain-based security vendor buguroo says it recently was able to leverage a surprisingly easy-to-exploit weakness in the C&C infrastructure of Dridex to gain unprecedented visibility into how exactly the malware is being used.

Instead of news, UK paper delivered ransomware

posted on December 9, 2015
by l33tdawg

A major UK newspaper is cleaning up its website after criminals tried to deliver ransomware to thousands of its readers.

The attack affected the blogs section of The Independent newspaper's website, Joseph C. Chen, a fraud researcher with Trend Micro, said in a blog post Tuesday.

"We have already informed The Independent about this security incident and are working with them to contain the situation," Chen wrote. "For their part, the news website staff was quick to respond and take action to mitigate the risk this event posed to the website itself and its user base."