#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Antivirus | Breaking Cybersecurity News | The Hacker News

New MacOS Malware, Signed With Legit Apple ID, Found Spying On HTTPS Traffic

New MacOS Malware, Signed With Legit Apple ID, Found Spying On HTTPS Traffic
Apr 28, 2017
Many people believe that they are much less likely to be bothered by malware if they use a Mac computer, but is it really true? Unfortunately, No. According to the McAfee Labs , malware attacks on Apple's Mac computers were up 744% in 2016, and its researchers have discovered nearly 460,000 Mac malware samples, which is still just a small part of overall Mac malware out in the wild. Today, Malware Research team at CheckPoint have discovered a new piece of fully-undetectable Mac malware, which according to them, affects all versions of Mac OS X, has zero detections on VirusTotal and is "signed with a valid developer certificate (authenticated by Apple)." Dubbed DOK , the malware is being distributed via a coordinated email phishing campaign and, according to the researchers, is the first major scale malware to target macOS users. The malware has been designed to gain administrative privileges and install a new root certificate on the target system, which allows

Webroot 'mistakenly' flags Windows as Malware and Facebook as Phishing site

Webroot 'mistakenly' flags Windows as Malware and Facebook as Phishing site
Apr 25, 2017
Popular antivirus service Webroot mistakenly flagged core Windows system files as malicious and even started temporarily removing some of the legit files, trashing user computers around the world. The havoc caused after the company released a bad update on April 24, which was pulled after approximately 15 minutes. But that still hasn't stopped some PCs from receiving it, causing serious issues for not just individuals, but also companies and organizations relying on the software. Webroot even Blocked Facebook According to the reports by many customers on social media and Webroot's forum , hundreds and even thousands of systems were broken down after antivirus software flagged hundreds of benign files needed to run Windows and apps that run on top of the operating system. The faulty update even caused the antivirus to incorrectly block access to Facebook after flagging the social network service as a phishing website, preventing users from accessing the social netw

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

No More Ransom — 15 New Ransomware Decryption Tools Available for Free

No More Ransom — 15 New Ransomware Decryption Tools Available for Free
Apr 05, 2017
No More Ransom, so is the Ransomware Threat. Launched less than a year ago, the No More Ransom (NMR) project has increased its capacity with new partners and new decryption tools added to its now global campaign to combat Ransomware. Started as a joint initiative by Europol, the Dutch National Police, Intel Security and Kaspersky Lab, No More Ransom is an anti-ransomware cross-industry initiative to help ransomware victims recover their data without having to pay ransom to cyber criminals. The online website not just educates computer users to protect themselves from ransomware, but also provides a collection of free decryption tools. Since December, more than 10,000 victims from all over the world have been able to decrypt their locked up devices without spending a penny, using ransomware decryption tools available free of charge on this platform. Statistics show that most of the website visitors were from Russia, the Netherlands, the U.S., Italy, and Germany. The pla

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Hackers stole $800,000 from ATMs using Fileless Malware

Hackers stole $800,000 from ATMs using Fileless Malware
Apr 04, 2017
Hackers targeted at least 8 ATMs in Russia and stole $800,000 in a single night, but the method used by the intruders remained a complete mystery with CCTV footage just showing a lone culprit walking up to the ATM and collecting cash without even touching the machine. Even the affected banks could not find any trace of malware on its ATMs or backend network or any sign of an intrusion. The only clue the unnamed bank's specialists found from the ATM's hard drive was — two files containing malware logs. The log files included the two process strings containing the phrases: "Take the Money Bitch!" and "Dispense Success." This small clue was enough for the researchers from the Russian security firm Kaspersky, who have been investigating the ATM heists, to find malware samples related to the ATM attack. In February, Kaspersky Labs reported that attackers managed to hit over 140 enterprises, including banks, telecoms, and government organizations, in th

Dridex Banking Trojan Gains 'AtomBombing' Code Injection Ability to Evade Detection

Dridex Banking Trojan Gains ‘AtomBombing’ Code Injection Ability to Evade Detection
Mar 01, 2017
Security researchers have discovered a new variant of Dridex – one of the most nefarious banking Trojans actively targeting financial sector – with a new, sophisticated code injection technique and evasive capabilities called " AtomBombing ." On Tuesday, Magal Baz, security researcher at Trusteer IBM  disclosed new research, exposing the new Dridex version 4, which is the latest version of the infamous financial Trojan and its new capabilities. Dridex is one of the most well-known Trojans that exhibits the typical behavior of monitoring a victim's traffic to bank sites by infiltrating victim PCs using macros embedded in Microsoft documents or via web injection attacks and then stealing online banking credentials and financial data. However, by including AtomBombing capabilities, Dridex becomes the first ever malware sample to utilize such sophisticated code injection technique to evade detection. What is "AtomBombing" Technique? Code injection te

Critical Flaw in ESET Antivirus Exposes Mac Users to Remote Hacking

Critical Flaw in ESET Antivirus Exposes Mac Users to Remote Hacking
Feb 28, 2017
What could be more exciting for hackers than exploiting a vulnerability in a widely used software without having to struggle too much? One such easy-to-exploit, but critical vulnerability has been discovered in ESET's antivirus software that could allow any unauthenticated attackers to remotely execute arbitrary code with root privileges on a Mac system. The critical security flaw, tracked as CVE-2016-9892, in ESET Endpoint Antivirus 6 for macOS was discovered by Google Security Team's researchers Jason Geffner and Jan Bee at the beginning of November 2016. As detailed in the full disclosure , all a hacker needs to get root-level remote code execution on a Mac computer is to intercept the ESET antivirus package's connection to its backend servers using a self-signed HTTPS certificate, put himself in as a man-in-the-middle (MITM) attacker, and exploit an XML library flaw. The actual issue was related to a service named esets_daemon, which runs as root. The service

RansomFree Tool Detects Never-Seen-Before Ransomware Before It Encrypts Your Data

RansomFree Tool Detects Never-Seen-Before Ransomware Before It Encrypts Your Data
Dec 20, 2016
Ransomware has risen dramatically since last few years, so rapidly that it might have already hit you or someone you know. With hundred of thousands of ransomware variants emerging every day, it is quite difficult for traditional signature-based antivirus tools to keep their signature database up-to-date. So, if signature-based techniques are not enough to detect ransomware infection, then what else can we do? The solution is RansomFree . Boston-based cyber security firm Cybereason has released RansomFree — a real-time ransomware detection and response software that can spot most strains of Ransomware before it starts encrypting files and alert the user to take action. RansomFree is a free standalone product and is compatible with PCs running Windows 7, 8 and 10, as well as Windows Server 2010 R2 and 2008 R2. Instead of regularly updated malware signatures to fight the bad programs, RansomFree uses "behavioral and proprietary deception" techniques to detect ne

How to Protect All Your Internet-Connected Home Devices From Hackers

How to Protect All Your Internet-Connected Home Devices From Hackers
Dec 12, 2016
How many Internet-connected devices do you have in your home? I am surrounded by around 25 such devices. It's not just your PC, smartphone, and tablet that are connected to the Internet. Today our homes are filled with tiny computers embedded in everything from security cameras, TVs and refrigerators to thermostat and door locks. However, when it comes to security, people generally ignore to protect all these connected devices and focus on securing their PCs and smartphones with a good antivirus software or a firewall application. What if any of these connected devices, that are poorly configured or insecure by design, get hacked? It would give hackers unauthorized access to your whole network allowing them to compromise other devices connected to the same network, spy on your activities and steal sensitive information by using various sophisticated hacks. There have already been numerous cases of attackers hacking home appliances, industrial control, automotive, medic

Hacking Millions with Just an Image — Recipe: Pixels, Ads & Exploit Kit

Hacking Millions with Just an Image — Recipe: Pixels, Ads & Exploit Kit
Dec 07, 2016
If you have visited any popular mainstream website over the past two months, your computer may have been infected — Thanks to a new exploit kit discovered by security researchers. Researchers from antivirus provider ESET released a report on Tuesday stating that they have discovered an exploit kit, dubbed Stegano , hiding malicious code in the pixels of banner advertisements that are currently in rotation on several high profile news websites. Stegano originally dates back to 2014, but since early October this year, cyber crooks had managed to get the malicious ads displayed on a variety of unnamed reputable news websites, each with Millions of daily visitors. Stegano derived from the word Steganography , which is a technique of hiding messages and content inside a digital graphic image, making the content impossible to spot with the naked eye. In this particular malvertising campaign, operators hide malicious code inside transparent PNG image's Alpha Channel, which def

Antivirus Firm Kaspersky launches Its Own Secure Operating System

Antivirus Firm Kaspersky launches Its Own Secure Operating System
Nov 24, 2016
The popular cyber security and antivirus company Kaspersky has unveiled its new hack-proof operating system: Kaspersky OS . The new operating system has been in development for last 14 years and has chosen to design from scratch rather than relying on Linux. Kaspersky OS makes its debut on a Kraftway Layer 3 Switch , CEO Eugene Kaspersky says in his blog post , without revealing many details about its new operating system. The Layer of 3-switch is the very first tool for running the Kaspersky OS, which is designed for networks with extreme requirements for data security and aimed at critical infrastructure and Internet of Things (IoT) devices. What's new in Kaspersky OS than others? Kaspersky OS is based on Microkernel Architecture: The new secure OS is based on microkernel architecture that enables users to customize their own operating system accordingly. So, depending on a user's specific requirements, Kaspersky OS can be designed by using different modifica

Mac Malware Can Secretly Spy On Your Webcam and Mic – Here's How to Stay Safe

Mac Malware Can Secretly Spy On Your Webcam and Mic – Here's How to Stay Safe
Oct 06, 2016
Apple Mac Computers are considered to be much safer than Windows at keeping viruses and malware out of its environment, but that's simply not true anymore. It's not because Mac OS X is getting worse every day, but because hackers are getting smart and sophisticated these days. The bad news for Mac users is that malware targeting webcams and microphones has now come up for Mac laptops as well. Patrick Wardle, an ex-NSA staffer who heads up research at security intelligence firm Synack, discovered a way for Mac malware to tap into your live feeds from Mac's built-in webcam and microphone to locally record you even without detection. Wardle is the same researcher who has discovered a number of security weaknesses in Apple products, including ways to bypass the Gatekeeper protections in OS X. Wardle also released a free tool called RansomWhere? earlier this year that has generic detection capabilities for Mac OS X ransomware variants. Wardle is scheduled to present h

Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers

Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers
Sep 08, 2016
Unlike specially crafted malware specifically developed to take advantage of Windows operating system platform, cyber attackers have started creating cross-platform malware for wider exploitation. Due to the rise in popularity of Mac OS X and other Windows desktop alternatives, hackers have begun designing cross-platform malware modularly for wide distribution. Cross-platform malware is loaded with specialized payloads and components, allowing it to run on multiple platforms. One such malware family has recently been discovered by researchers at Kaspersky Lab, which run on all the key operating systems, including Windows, Linux, and Mac OS X. Stefan Ortloff, a researcher from Kaspersky Lab's Global Research and Analysis Team, first discovered the Linux and Windows variants of this family of cross-platform backdoor, dubbed Mokes , in January this year. Now, the researcher today confirmed the existence of an OS X variant of this malware family, explaining a technical breakd

First-Ever Ransomware For Smart Thermostat is Here — It's Hot!

First-Ever Ransomware For Smart Thermostat is Here — It's Hot!
Aug 08, 2016
Internet of Things (IoT) is the latest buzz in the world of technology, but they are much easier to hack than you think. Until now we have heard many scary stories of hacking IoT devices , but how realistic is the threat? Just think of a scenario where you enter in your house, and it's sweltering, but when you head on to check the temperature of your thermostat, you find out that it has been locked to 99 degrees. And guess what? Your room thermostat is demanding $300 in Bitcoins to regain its control. Congratulations, Your Thermostat has been Hacked! This is not just a hypothetical scenario; this is exactly what Ken Munro and Andrew Tierney of UK-based security firm Pen Test Partners have demonstrated at the DEFCON 24 security conference in Las Vegas last Saturday. Two white hat hackers recently showed off the first proof-of-concept (PoC) ransomware that infects a smart thermostat. Ransomware is an infamous piece of malware that has been known for locking up comput

Antivirus firm Avast to Buy its rival AVG for $1.3 Billion

Antivirus firm Avast to Buy its rival AVG for $1.3 Billion
Jul 07, 2016
Breaking News for Today: Antivirus company Avast Software is planning to acquire Dutch rival AVG Technologies for $1.3 Billion in cash. Avast announced today that it would buy Amsterdam-based AVG Technologies for $25 per share in an all-cash transaction valued at $1.3 Billion in an aim to expand its presence in the emerging markets. With more than 230 Million users worldwide, Avast provides free and paid security software packages for both PCs as well as mobile devices to businesses and individuals. The deal between the two popular security software companies will provide Avast with 400 Million endpoints -- devices that have some form of Avast or AVG application installed. Around 160 Million of those are mobile. However, AVG technologies was in controversies for updating its policy that clearly said that the company will be allowed to collect and sell users' "non-personal data" to online advertisers in order to "make money" from their "free of

Researcher releases Free Ransomware Detection Tool for Mac OS X Users

Researcher releases Free Ransomware Detection Tool for Mac OS X Users
Apr 20, 2016
In Brief: Introducing  RansomWhere , a free generic ransomware detection tool for Mac OS X users that can identify ransomware-like behavior by continually monitoring the file-system for the creation of encrypted files by suspicious processes. This ransomware detection tool helps to block the suspicious processes and waits for the user to decide whether to allow or stop the process. Ransomware has risen dramatically since last few years... so rapidly that it might have already hit someone you know. With hundred of thousands of ransomware samples emerging every day, it is quite difficult for traditional signature-based antivirus products to keep their signature database up-to-date. So, if signature-based techniques are not enough to detect ransomware infection , then what else can we do? Some Antivirus companies have already upgraded their security solutions that detect suspicious behaviors like the sequential accessing of a large number of files, using encryption algori

Apple's Mac OS X Still Open to Malware, Thanks Gatekeeper

Apple's Mac OS X Still Open to Malware, Thanks Gatekeeper
Jan 16, 2016
Apple Mac Computers are considered to be much safer than Windows computers at keeping out the viruses and malware, but the new Exploit discovered by researchers again proves it indeed quite false. Last year, The Hacker News reported a deadly simple exploit that completely bypassed one of the core security features in Mac OS X known as Gatekeeper . Apple released a patch in November, but now the same security researcher who discovered the original Gatekeeper bypass vulnerability said he found an equally obvious workaround. Patrick Wardle, ex-NSA staffer and head of research at security intelligence firm Synack, said the security patch released by Apple was " incredibly weak " and that the update was " easy to bypass " in minutes. Gatekeeper's Failure Once Again Introduced in July of 2012, Gatekeeper is Apple's anti-malware feature designed to block untrusted, dodgy apps from running, keeping Mac OS X systems safe from malware. Ho

'Ridiculous' Bug in Popular Antivirus Allows Hackers to Steal all Your Passwords

'Ridiculous' Bug in Popular Antivirus Allows Hackers to Steal all Your Passwords
Jan 12, 2016
If you have installed Trend Micro's Antivirus on your Windows computer, then Beware. Your computer can be remotely hijacked, or infected with any malware by even through a website – Thanks to a critical vulnerability in Trend Micro Security Software. The Popular antivirus maker and security firm Trend Micro has released an emergency patch to fix critical flaws in its anti-virus product that allow hackers to execute arbitrary commands remotely as well as steal your saved password from Password Manager built into its AntiVirus program. The password management tool that comes bundled with its main antivirus is used to store passwords by users and works exactly like any other password manager application. Even Websites Can Hack Into Your Computer Google's Project Zero security researcher, Tavis Ormandy, discovered the remote code execution flaw in Trend Micro Antivirus Password Manager component, allowing hackers to steal users' passwords. In short, o

Beebone Botnet Taken Down By International Cybercrime Taskforce

Beebone Botnet Taken Down By International Cybercrime Taskforce
Apr 10, 2015
U.S. and European law enforcement agencies have shut down a highly sophisticated piece of the botnet that had infected more than 12,000 computers worldwide , allowing hackers to steal victims' banking information and other sensitive data. The law enforcement agencies from the United States, United Kingdom and the European Union conducted a joint operation to get rid of the botnet across the globe and seized the command-and-control server that had been used to operate the nasty Beebone (also known as AAEH ) botnet . What's a Botnet? A botnet is a network of large number of computers compromised with malicious software and controlled surreptitiously by hackers without the knowledge of victims. Basically, a "botnet" is a hacker's "robot" that does the malicious work directed by hackers. Hackers and Cyber Criminals have brushed up their hacking skills and started using Botnets as a cyber weapon to carry out multiple crimes such as DDoS attacks
Cybersecurity Resources