#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

antivirus free download | Breaking Cybersecurity News | The Hacker News

First Irish language Ransomware Malware demanding €100 for unlock

First Irish language Ransomware Malware demanding €100 for unlock

Sep 08, 2012
A new Ransomware Malware dubbed Gaeilge  locks up an infected computer and attempts to extort €100 from the user for an unlock code. The demand for cash reportedly appeared in poorly written Gaelic, and the software nastie was spotted on a computer in County Donegal, Ireland. Gaeilge tell computer users that attempts to access online pornography sent it into shut-down mode. But instead of giving in to the monetary request, the victim took the compromised machine to the repair store, The Register said . Ransomware  (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Technician Brian McGarvey of Techie2u computer repairs told that it was the first time he'd come across a virus written in the Irish language during his 12 years of experience in the job. " It'
Operation Aurora - Other Zero-Day Attacks targeting finance and Energy

Operation Aurora - Other Zero-Day Attacks targeting finance and Energy

Sep 08, 2012
The infamous Aurora Trojan horse is just one of many attacks launched by the same group of malware authors over the past three years, according to researchers at Symantec. Security researchers with Symantec have issued a report outlining the techniques used by the so-called " Edgewood " hacking platform and the group behind it. The group seemingly has an unlimited supply of zero-day vulnerabilities. The company said that the group is well-funded and armed with more than a half-dozen unpublished security vulnerabilities. " They are definitely shifting their methodology, and there are open questions about why that is ," said Eric Chien, senior technical director for Symantec's security response group. " They may be finding that older techniques are no longer working ." " The number of zero-day exploits used indicates access to a high level of technical capability. "The researchers said that the group appears to favour "watering hole&quo
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Google buys Online Malware Multi Scanner VirusTotal

Google buys Online Malware Multi Scanner VirusTotal

Sep 08, 2012
Google on Friday said it acquired online virus-scanning service, VirusTotal, a provider of a free service that detects computer viruses and other malicious software in files and websites. VirusTotal, company based in Spain with only a handful of employees, performs the free service by pooling data from scores of " antivirus engines, website scanners, file and URL analysis tools, " according to its site. Users only have to head to the online tool, select the file from their desktops, and the system is supposed to take care of the rest. The maximum file size currently supported by the service is 32MB. In a blog post on Friday, VirusTotal reps asserted that the merger is good news for consumers and bad news for malware generators for the following two reasons: The quality and power of our malware research tools will keep improving, most likely faster; and Google's infrastructure will ensure that our tools are always ready, right when you need them. "Our goal is simple:
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
New Ransom malware infecting computers

New Ransom malware infecting computers

Sep 03, 2012
The Metropolitan Police have issued an urgent warning about a new ransom malware that is in circulation. Ransomware (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. " The "malware" infects personal computers after users have accessed certain websites. *(It should be noted that there are several similar designs currently in circulation) " Ransomware typically propagates like a typical computer worm, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program will then run a payload which will begin to encrypt personal files on the hard drive. More sophisticated ransomware may hybrid-encrypt the victim's plaintext with a random symmetric key and a fixed public key. The malware author is th
Iran still on target of 'Mahdi' malware after detection

Iran still on target of 'Mahdi' malware after detection

Sep 03, 2012
In JULY Kaspersky Lab and Seculert revealed the presence of a new cyber-espionage weapon known targeting users in the Middle East. Despite the recent uncovering of the 'Madhi' malware that has infected several hundred computers in the Middle East, researchers say the virus is continuing to spread. The malware, known as 'Mahdi' or 'Madi', was originally discovered by Seculert. In addition to stealing data from infected Windows computers, it is also capable of monitoring email and instant messages, recording audio, capturing keystrokes and taking screenshots of victims' computers. Working together, researchers at Seculert and Kaspersky sinkholed the malware's command and control servers and monitored the campaign. What they found was a targeted attack that impacted more than 800 victims in Iran, Israel and other countries from around the globe. Israeli security company Seculert said it had identified about 150 new victims over the past six weeks as deve
Wiper, the Destructive Malware possibly connected to Stuxnet and Duqu

Wiper, the Destructive Malware possibly connected to Stuxnet and Duqu

Sep 01, 2012
Kaspersky Lab publishes research resulting from the digital forensic analysis of the hard disk images obtained from the machines attacked by the Wiper - a destructive malware program attacking computer systems related to oil facilities in Western Asia. Security researchers from Kaspersky Lab have uncovered information suggesting a possible link between the mysterious malware that attacked Iranian oil ministry computers in April and the Stuxnet and Duqu cyber espionage threats. The malware wipes data from hard drives, placing high priority on those with a .pnf extension, which are the type of files Stuxnet and Duqu used, and has other behavioral similarities, according to Schouwenberg. It also deletes all traces of itself. As a result, researchers have not been able to get a sample, but they've reviewed mirror images left on hard drives. Kaspersky's researchers were not able to find the mysterious malware, which was given the name Wiper, because very little data from the aff
Malware Attack on 2nd Largest Liquefied Natural Gas Producer

Malware Attack on 2nd Largest Liquefied Natural Gas Producer

Aug 31, 2012
Reports have surfaced that liquified natural gas (LNG) producer RasGas , based in the Persian Gulf nation of Qatar, has been struck by an unidentified virus, this time shutting down its website and email servers. The malware, however, did not affect the company's operational computers that control the production and delivery of gas, an official of the Ras Laffan Liquefied Natural Gas company. The attack reportedly began Aug. 27. The RasGas website was still unavailable on Thursday, three days after the attack. For the second time in two weeks a virus outbreak has been reported at an energy company in that region. Earlier this week the Saudi Aramco oil company confirmed that its network was hit by a virus two weeks ago, shutting down 30,000 workstations. Neither company identified the virus, but in at least one of the cases it is believed to be malware known as "Shamoon." A joint venture between Qatar Petroleum and ExxonMobil, RasGas exports about 36.3 million tons of liq
Oracle releases patches for Java vulnerability CVE-2012-4681

Oracle releases patches for Java vulnerability CVE-2012-4681

Aug 31, 2012
Oracle has released a new patch which kills off a vulnerability in Java 7 that was being exploited by malware developers. " Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible ," Eric Maurice, the company's director of software security assurance. The out-of-band Security Alert CVE-2012-4681 includes fixes for "three distinct but related vulnerabilities and one security-in-depth issue" affecting Java running within the browser. Users with vulnerable versions of Java installed can have malware silently planted on their systems just by browsing to a hacked or malicious website unknowingly.Java is a free programming language widely used to enable every day programs and website elements to function, including some games, apps and chat, as well as enterprise apps. The attacks using this vulnerability so far have been Windows-based, the exploit was demonstrated on other platforms supported by Java
Cross Platform Trojan steals Linux and Mac OS X passwords

Cross Platform Trojan steals Linux and Mac OS X passwords

Aug 27, 2012
Russian anti-virus company Doctor Web reported about the first cross-platform backdoor to run under Linux and Mac OS X identified as " BackDoor.Wirenet.1 ". This malicious program designed to steals passwords entered by the user in Opera, Firefox, Chrome, and Chromium, and passwords stored by such applications as Thunderbird, SeaMonkey, and Pidgin. BackDoor.Wirenet.1 is the first-ever Trojan that can simultaneously work on these operating systems. BackDoor.Wirenet.1 is still under investigation. At launch BackDoor.Wirenet.1 creates a copy in the user's home directory. To interact with the command server located at 212.7.208.65, the malware uses a special encryption algorithm Advanced Encryption Standard (AES). BackDoor.
FireEye spotted Critical 0-day vulnerability in Java Runtime Environment

FireEye spotted Critical 0-day vulnerability in Java Runtime Environment

Aug 27, 2012
FireEye's Malware Intelligence Lab is making the claim that there is a new zero day vulnerability in the wild that affects the latest version of Java.Researcher. Atif Mushtaq wrote on the company's blog that he spotted the initial exploit on a domain that pointed to an IP address in China. The vulnerability allows computers to be infected by simply visiting a specially crafted web page, and the malware served in the current attacks contacts a C&C server in Singapore. Researchers from heise Security have also created a PoC page using information that is publicly available. A separate post published on Monday by researchers Andre M. DiMino and Mila Parkour said the number of attacks, which appear to install the Poison Ivy Remote Access Trojan, were low. But they went on to note that the typical delay in issuing Java patches, combined with the circulation of exploit code, meant it was only a matter of time until the vulnerability is exploited more widely by other attackers.
Saudi Aramco Oil Producer's 30,000 workstations victim of Cyber Attack

Saudi Aramco Oil Producer's 30,000 workstations victim of Cyber Attack

Aug 27, 2012
Saudi Aramco, the world's biggest oil producer, has resumed operating its main internal computer networks after a virus infected about 30,000 of its workstations in mid-August. Immediately after the Aug. 15 attack, the company announced it had cut off its electronic systems from outside access to prevent further attacks. Saudi Aramco said the virus "originated from external sources" and that its investigation into the matter was ongoing. There was no mention of whether this was related to this month's Shamoon attacks. " The disruption was suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network, " Saudi Aramco said over Facebook . " We would like to emphasize and assure our stakeholders, customers and partners that our core businesses of oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected and are functioning as reliably as ever
Hijacking Servers Remotely with Hikit advanced persistent threat

Hijacking Servers Remotely with Hikit advanced persistent threat

Aug 26, 2012
Security researchers have revealed the existence of an advanced persistent threat that has been making the rounds since April 2011.  Backdoor.Hikit  is a dangerous backdoor Trojan that will damage infected system and files. Usually, Backdoor. Hikit will open backdoor to allow remote attackers to connect to the infected system and carry out harmful activities, such as stealing information or destroying files and programs. It is really stubborn those antiviruses often fail to delete it for good, for it runs secretly and automatically when Windows boots without your knowledge or consent and can disguise it as fake system files or processes. Besides, many other threats, such as adware, redirecting virus, Trojan variants from family, such as Trojan Horse Generic 27.PN, BackDoor.Hupigon5.CJMY, Trojan.Zeroaccess.C, Trojan:win64/Sirefef.E and so on, which is really a threat to system and data security. According to experts from security firm Symantec , it all starts with the unknown dropper
Frankenstein Malware turning legitimate software into invisible malware

Frankenstein Malware turning legitimate software into invisible malware

Aug 24, 2012
Many malware and viruses can be identified by detection software because of known bits of malicious code. But what if there was a virus compiled from little bits of programs you already had installed? That's just what two security researchers are looking into. Frankenstein or The Modern Prometheus is a classic story in which a doctor creates life through technology in the form of a creature assembled from the parts of dead men. While this biological idea exists only in fiction, researchers have recently used it to craft a very ingenious piece of malware. Vishwath Mohan and Kevin Hamlen at the University of Texas at Dallas are interested in how malware disguises itself in order to propagate more widely. In Windows Explorer alone, Frankenstein found nearly 90,000 gadgets in just over 40 seconds, which means that malware created by the system would have a huge number of possible variations, work quickly, and be very difficult to detect. Frankenstein follows pre-written blueprints
NetWeirdRC - Commercial backdoor tool targeting Mac

NetWeirdRC - Commercial backdoor tool targeting Mac

Aug 24, 2012
NetWeirdRC is a commercial backdoor tool targeting Mac OS X 10.6 and later, as well as Windows, Linux and Solaris, according to Intego . The product is sold for US$60 in the malware world, relatively cheap in comparison to the OSX/Crisis malware that was being sold for €200,000 ($240,000). It's a commercial remote access tool, that after installation, calls home to the IP address 212.7.208.65 on port 4141 and awaits instructions. Then it carries out functions including installing files, gathering system information, stealing browser passwords and grabbing screen shots. In addition, it said, the malware can " harvest stored and encrypted usernames and passwords from Opera, Firefox, SeaMonkey, and Thunderbird browsers and mail clients ." It's able to infect Apple OS X (versions 10.6 and newer), Linux, Solaris, and Windows systems.
Power Plants Are Vulnerable To Hackers with Siemens flaw

Power Plants Are Vulnerable To Hackers with Siemens flaw

Aug 23, 2012
The U.S. Department of Homeland Security has issued an alert warning that hackers could exploit code in Siemens-owned technology to attack power plants and other national critical infrastructure. Justin W. Clarke, an expert in securing industrial control systems, disclosed at a conference in Los Angeles on Friday that he had figured out a way to spy on traffic moving through networking equipment manufactured by Siemens' RuggedCom division. RuggedCom, a Canadian subsidiary of Siemens that sells networking equipment for use in harsh environments such as areas with extreme weather, said it was investigating Clarke's findings, but declined to elaborate. Clarke said that the discovery of the flaw is disturbing because hackers who can spy on communications of infrastructure operators could gain credentials to access computer systems that control power plants and other critical systems. According to security researcher Justin W. Clarke, Rugged OS contains the same private key used
Malware Campaign Targeting BlackBerry

Malware Campaign Targeting BlackBerry

Aug 23, 2012
Websense ThreatSeeker Network intercepted a malware campaign targeting BlackBerry customers. These fake emails state that the recipient has successfully created a BlackBerry ID. According to Security Labs , those users who are targeted receive an email with the subject line " Your BlackBerry ID has been created ." The email encourages users to follow instructions in the attached file on how to " enjoy the full benefits " of their ID. The malware comes attached to an email that is an exact copy of the email you receive when creating a new BlackBerry ID. It teases you by asking you to download an attachment that allows you to fully appreciate the BlackBerry user experience. Those who open the attached .zip file will drop a handful of executable files that will modify the system registry to start malware programs upon the machine's next startup.
Hijacking Virtual Machines with Crisis malware

Hijacking Virtual Machines with Crisis malware

Aug 22, 2012
The Windows version of Crisis , a piece of malware discovered in July, is capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, according to researchers from antivirus vendor Symantec.The installer was actually a Java archive (JAR) file which had been digitally signed by VeriSign. Crisis is distributed via social engineering attacks that trick users into running a malicious Java applet. The applet identifies the user's OS, Windows or Mac OS X and executes the corresponding installer. " The threat uses three methods to spread itself: one is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device ," Symantec explained in a blog post . Malware authors are putting significant efforts into making sure that new variants of their Trojan programs are not detected by antivirus products when they are released. Also
Half Million Chinese Android Devices got infected with SMSZombie

Half Million Chinese Android Devices got infected with SMSZombie

Aug 21, 2012
The amount of malware crafted and aimed at Android devices is ever-increasing. With Android being the most popular platform for smartphones and tablets around the world, Android users have become the low-hanging fruit when it comes to writing malware by the nefarious users. A new Android threat has affected 500,000 devices in China so far. Analysts at TrustGo Security Labs have discovered the Trojan!SMSZombie.A. It is a complex and sophisticated malware that exploits a vulnerability in the China Mobile SMS Payment System to fund unauthorised payments, steal bank card numbers and receipt information regarding money transfers. The trojan is difficult to detect, and even more difficult to remove.  SMSZombieA was first discovered on August 8, and the malware is embedded in several wallpaper apps. The wallpaper apps are noted to use provocative titles and nude images to encourage users to download. The trojan installs itself on a device after its user has downloaded and installed the app
Sensitive data in human brain successfully extract by Hackers

Sensitive data in human brain successfully extract by Hackers

Aug 21, 2012
It is now possible to hack the human brain ? YES ! This was explained researchers at the Usenix Conference on Security, held from 8 to 10 August in Washington State. Using a commercial off-the-shelf brain-computer interface, the researchers have shown that it's possible to hack your brain, forcing you to reveal information that you'd rather keep secret. In a study of 28 subjects wearing brain-machine interface devices built by companies like Neurosky and Emotiv and marketed to consumers for gaming and attention exercises, the researchers found they were able to extract hints directly from the electrical signals of the test subjects' brains that partially revealed private information like the location of their homes, faces they recognized and even their credit card PINs. Brain-computer interface or BCIs are generally used in a medical setting with very expensive equipment, but in the last few years cheaper, commercial offerings have emerged. For $200-300, you can buy an Emotive or Ne
Shamoon Malware : Permanently wiping data from Energy Industry Computers

Shamoon Malware : Permanently wiping data from Energy Industry Computers

Aug 16, 2012
Malware researchers have uncovered an attack targeting an organization in the energy industry that attempts to wreak havoc by permanently wiping data from an infected computer's hard drive and rendering the machine unusable. Symantec would not name the victimized firm, and so far has seen the attack only in this one organization. W32.Disttrack is a new threat that is being used in specific targeted attacks against at least one organization in the energy sector. It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable. W32.Disttrack consists of several components: Dropper—the main component and source of the original infection. It drops a number of other modules. Wiper—this module is responsible for the destructive functionality of the threat. Reporter—this module is responsible for reporting infection information back to the attacker. " Ten years ago we used to see pur
Cybersecurity Resources