Malware | Breaking Cybersecurity News | The Hacker News

Apple introduces a new privacy feature for all new MacBooks that "at some extent" will prevent hackers and malicious applications from eavesdropping on your conversations. Apple's custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook's built-in microphone whenever the user closes the lid, the company revealed yesterday at its event at the Brooklyn Academy of Music in New York. Though the new T2 chip is already present in the 2018 MacBook Pro models launched earlier this year, this new feature got unveiled when Apple launched the new Retina MacBook Air and published a full security guide for T2 Chip yesterday. "This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed," Apple explained in the guide [ PDF ]. The tech giant furt

Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia. TRITON , also known as Trisis, is a piece of ICS malware designed to target the Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric which are often used in oil and gas facilities. Triconex Safety Instrumented System is an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically if a dangerous state is detected. Since malware of such capabilities can't be created by a computer hacker without possessing necessary knowledge of Industrial Control Systems (ICS), researchers believe with "high confidence" that Moscow-based lab Central Scientific Research Institute of Chemistry and

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials. Dubbed GhostDNS , the campaign has many similarities with the infamous DNSChanger malware that works by changing DNS server settings on an infected device, allowing attackers to route the users' internet traffic through malicious servers and steal sensitive data. According to a new report from cybersecurity firm Qihoo 360's NetLab, just like the regular DNSChanger campaign, GhostDNS scans for the IP addresses for routers that use weak or no password at all, accesses the routers' settings, and then changes the router's default DNS address to the one controlled by the attackers. GhostDNS System: List of Modules and Sub-Modules The GhostDNS system mainly includes four modules:

Cybersecurity researchers at ESET have unveiled what they claim to be the first-ever UEFI rootkit being used in the wild, allowing hackers to implant persistent malware on the targeted computers that could survive a complete hard-drive wipe. Dubbed LoJax , the UEFI rootkit is part of a malware campaign conducted by the infamous Sednit group, also known as APT28, Fancy Bear , Strontium , and Sofacy , to target several government organizations in the Balkans as well as in Central and Eastern Europe. Operating since at least 2007, Sednit group is a state-sponsored hacking group believed to be a unit of GRU (General Staff Main Intelligence Directorate), a Russian secret military intelligence agency. The hacking group has been associated with a number of high profile attacks, including the DNC hack just before the U.S. 2016 presidential election . UEFI, or Unified Extensible Firmware Interface, a replacement for the traditional BIOS, is a core and critical firmware component of a

A Latvian hacker behind the development and operation of counter antivirus service "Scan4You" has finally been sentenced to 14 years in prison. 37-year-old Ruslans Bondars, described as a Latvian "non-citizen" or "citizen of the former USSR who had been residing in Riga, Latvia," was found guilty on May 16 in federal court in Alexandria, during which a co-conspirator revealed he had worked with Russian law enforcement. Bondars created and ran Scan4you—a VirusTotal like online multi-engine antivirus scanning service that allowed hackers to run their code by several popular antiviruses to determine if their computer virus or malware would be flagged during routine security scans before launching them into a real-world malware campaign. While legal scanning services share data about uploaded files with the antivirus firms, Scan4you instead informed its users that they could "upload files anonymously and promised not to share information about the

Three young hackers who were sentenced late last year for creating and spreading the notorious Mirai botnet are now helping the FBI to investigate other "complex" cybercrime cases in return to avoid their lengthy prison terms. Paras Jha, 21 from New Jersey, Josiah White, 20 from Washington, and Dalton Norman, 21 from Louisiana, plead guilty in December 2017 to multiple charges for their role in creating and hijacking hundreds of thousands IoT devices to make them part of a notorious botnet network dubbed Mirai . Mirai malware scanned for insecure routers, cameras, DVRs, and other Internet of Things (IoT) devices which were using their default passwords and then made them part of a botnet network . The trio developed the Mirai botnet to attack rival Minecraft video gaming hosts, but after realizing that their invention was powerful enough to launch record-breaking DDoS attacks against targets like OVH hosting website, they released the source code of Mirai . The

Bristol Airport has blamed a ransomware attack for causing a blackout of flight information screens for two days over the weekend. The airport said that the attack started Friday morning, taking out several computers over the airport network, including its in-house display screens which provide details about the arrival and departure information of flights. The attack forced the airport officials to take down its systems and use whiteboards and paper posters to announce check-in and arrival information for flights going through the airport and luggage pickup points for all Friday, Saturday, and the subsequent night. "We are currently experiencing technical problems with our flight information screens," a post on the Bristol Airport's official Twitter feed read on Friday. "Flights are unaffected and details of check-in desks, boarding gates, and arrival/departure times will be made over the public address system. Additional staff are on hand to assist passeng

Warning! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now. The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like Amazon, Microsoft, Github, and Google, as well as private keys for users' cryptocurrency wallets. On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA's Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store, according to a blog post published by the company. Malicious MEGA Chrome Extension Steals Passwords Upon installation or auto-update, the malicious extension asked for elevated permissions to access personal information, allowing it to steal credentials from sites like Amazon, Github, and Google, along with online wallets such as MyEtherWallet and MyMonero, and Idex.market cryptocurrency trading

Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks . Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable Socks4 proxy maliciously, allowing attackers to actively eavesdrop on the targeted network traffic since mid-July. The vulnerability in question is Winbox Any Directory File Read (CVE-2018-14847) in MikroTik routers that was found exploited by the CIA Vault 7 hacking tool called Chimay Red , along with another MikroTik's Webfig remote code execution vulnerability. Both Winbox and Webfig are RouterOS management components with their corresponding communication ports as TCP/8291, TCP/80, and TCP/8080. Winbox is designed for Windows users to easily configure the routers that download some DLL files

Security researchers have uncovered a new, powerful Android malware framework that is being used by cybercriminals to turn legitimate apps into spyware with extensive surveillance capabilities—as part of what seems to be a targeted espionage campaign. Legitimate Android applications when bundled with the malware framework, dubbed Triout, gain capabilities to spy on infected devices by recording phone calls, and monitoring text messages, secretly stealing photos and videos, and collecting location data—all without users' knowledge. The strain of Triout-based spyware apps was first spotted by the security researchers at Bitdefender on May 15 when a sample of the malware was uploaded to VirusTotal by somebody located in Russia, but most of the scans came from Israel. In a white paper (PDF) published Monday, Bitdefender researcher Cristofor Ochinca said the malware sample analyzed by them was packaged inside a malicious version of an Android app which was available on Google Pla

Security researchers at Kaspersky Labs have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013. Dubbed Dark Tequila , the campaign delivers an advanced keylogger malware that managed to stay under the radar for five years due to its highly targeted nature and a few evasion techniques. Dark Tequila has primarily been designed to steal victims' financial information from a long list of online banking sites, as well as login credentials to popular websites, ranging from code versioning repositories to public file storage accounts and domain registrars. The list of targeted sites includes "Cpanels, Plesk, online flight reservation systems, Microsoft Office 365, IBM Lotus Notes clients, Zimbra email, Bitbucket, Amazon, GoDaddy, Register, Namecheap, Dropbox, Softlayer, Rackspace, and other services," the researchers say in a blog post . The malware gets delivered to the victims' comp

Artificial Intelligence (AI) has been seen as a potential solution for automatically detecting and combating malware, and stop cyber attacks before they affect any organization. However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade even the best cyber-security defenses and infects a computer network or launch an attack only when the target's face is detected by the camera. To demonstrate this scenario, security researchers at IBM Research came up with DeepLocker —a new breed of "highly targeted and evasive" attack tool powered by AI," which conceals its malicious intent until it reached a specific victim. According to the IBM researcher, DeepLocker flies under the radar without being detected and "unleashes its malicious action as soon as the AI model identifies the target through indicators like facial recognition, geolocation and voice recognition." Describing it as the "sp

Taiwan Semiconductor Manufacturing Company (TSMC)—the world's largest makers of semiconductors and processors—was forced to shut down several of its chip-fabrication factories over the weekend after being hit by a computer virus. Now, it turns out that the computer virus outbreak at Taiwan chipmaker was the result of a variant of WannaCry —a massive ransomware attack that wreaked havoc across the world by shutting down hospitals, telecom providers, and many businesses in May 2017. TSMC shut down an entire day of production this weekend after several of its factories systems were halted by a computer virus in the middle of the ramp-up for chips to be used by Apple's future lines of iPhones, which could impact revenue by approx $256 million. According to the semiconductor manufacturer, its computer systems were not direct attacked by any hacker, but instead, were exposed to the malware "when a supplier installed tainted software without a virus scan" to TSMC&

There's both good news and bad news for Fortnite game lovers. Fortnite, one of the most popular games in the world right now, is coming to Android devices very soon, but players would not be able to download Fortnite APK from the Google Play Store. Instead, Epic Games software development company has confirmed the Fortnite APK for Android will be available for download exclusively only through its official website, bypassing the Google Play Store. Why Fortnite for Android Bypassing Google Play Store? Epic Games CEO Tim Sweeney cites two main reasons for this decision. First, offering Fortnite APK downloads directly from its official website will allow the company to "have a direct relationship" with its consumers. Second, since Google takes a 30 percent cut of revenue each time a user makes an in-app purchase through its Play Store, the decision will allow the company to save millions. This should not be shocking as Fortnite on iOS made $15 million in j

Taiwan Semiconductor Manufacturing Company (TSMC)—Apple's sole supplier of SoC components for iPhones and iPads, and Qualcomm's major manufacturing partner—shut down several of its chip-fabrication factories Friday night after being hit by a computer virus. The world's largest makers of semiconductors and processors TSMC lost an entire day of production after several of its factories systems were halted by a computer virus in the middle of the ramp-up for chips to be used by Apple's future lines of iPhones. Though the popular chip maker has been attacked by viruses in the past, this is the first time a virus has affected TSMC's production lines, making the incident a real big deal. Without revealing many details, TSMC said a number of its computer systems and fabrication tools were infected by the virus on Friday night, but since then it has recovered 80% of its impacted equipment, though others will be recovered by tomorrow. According to TSMC, the comput

India-linked highly targeted mobile malware campaign, first unveiled two weeks ago , has been found to be part of a broader campaign targeting multiple platforms, including windows devices and possibly Android as well. As reported in our previous article , earlier this month researchers at Talos threat intelligence unit discovered a group of Indian hackers abusing mobile device management (MDM) service to hijack and spy on a few targeted iPhone users in India. Operating since August 2015, the attackers have been found abusing MDM service to remotely install malicious versions of legitimate apps, including Telegram, WhatsApp, and PrayTime, onto targeted iPhones. These modified apps have been designed to secretly spy on iOS users, and steal their real-time location, SMS, contacts, photos and private messages from third-party chatting applications. During their ongoing investigation, Talos researchers identified a new MDM infrastructure and several malicious binaries – designed

Security researchers have uncovered a "highly targeted" mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India. The attackers, who are also believed to be operating from India, were found abusing mobile device management (MDM) protocol—a type of security software used by large enterprises to control and enforce policies on devices being used their employees—to contol and deploy malicious applications remotely. Exploiting Apple MDM Service to Remotely Control Devices To enroll an iOS device into the MDM requires a user to manually install enterprise development certificate, which enterprises obtained through the Apple Developer Enterprise Program. Companies can deliver MDM configuration file through email or a webpage for over-the-air enrollment service using Apple Configurator. Once a user installs it, the service allows the company administrators to remotely control the device, install/remove apps, in

Security researchers from Check Point Threat Intelligence Team have discovered the comeback of an APT (advanced persistent threat) surveillance group targeting institutions across the Middle East, specifically the Palestinian Authority. The attack, dubbed "Big Bang," begins with a phishing email sent to targeted victims that includes an attachment of a self-extracting archive containing two files—a Word document and a malicious executable. Posing to be from the Palestinian Political and National Guidance Commission, the Word document serves as a decoy to distract victims while the malware is installed in the background. The malicious executable, which runs in the background, act as the first stage info-stealer malware designed for intelligence gathering to identify potential victims (on the basis of what is unclear as of now), and then it accordingly downloads the second stage malware designed for espionage. "While the analysis...discloses the capabilities of