#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

computer virus | Breaking Cybersecurity News | The Hacker News

Beware of Windows/MacOS/Linux Virus Spreading Through Facebook Messenger

Beware of Windows/MacOS/Linux Virus Spreading Through Facebook Messenger
Aug 24, 2017
If you came across any Facebook message with a video link sent by anyone, even your friend — just don't click on it. Security researchers at Kaspersky Lab have spotted an ongoing cross-platform campaign on Facebook Messenger, where users receive a video link that redirects them to a fake website, luring them to install malicious software. Although it is still unclear how the malware spreads, researchers believe spammers are using compromised accounts, hijacked browsers, or clickjacking techniques to spread the malicious link. The attackers make use of social engineering to trick users into clicking the video link, which purports to be from one of their Facebook friends, with the message that reads "< your friend name > Video" followed by a bit.ly link, as shown. Here's How this Cross-Platform Malware Works: The URL redirects victims to a Google doc that displays a dynamically generated video thumbnail, like a playable movie, based on the sender'

Ukrainian Man Arrested For Distributing NotPetya Ransomware And Helping Tax Evaders

Ukrainian Man Arrested For Distributing NotPetya Ransomware And Helping Tax Evaders
Aug 10, 2017
Ukrainian authorities have arrested a 51-year-old man accused of distributing the infamous Petya ransomware (Petya.A, also known as NotPetya) — the same computer virus that massively hit numerous businesses, organisations and banks in Ukraine as well as different parts of Europe around 45 days ago. However, the story is not as simple as it seems, which portrayed this man as a criminal. I recommend you to read complete article to understand the case better and then have an opinion accordingly. Sergey Neverov (Сергей Неверов), father of two sons and the resident of the southern city of Nikopol, is a video blogger and computer enthusiast who was arrested by the Ukrainian police on Monday, August 7 from his home. What Neverov Did? According to a press release published on Thursday by the Ukrainian cyber police department, Neverov uploaded a video, showing how to infect a computer with Petya.A ransomware—and also shared a download link for NotPetya malware to his social media

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Apple Users, Beware! A Nearly-Undetectable Malware Targeting Mac Computers

Apple Users, Beware! A Nearly-Undetectable Malware Targeting Mac Computers
Jul 25, 2017
Yes, even Mac could also get viruses that could silently spy on its users. So, if you own a Mac and think you are immune to malware, you are wrong. An unusual piece of malware that can remotely take control of webcams, screen, mouse, keyboards, and install additional malicious software has been infecting hundreds of Mac computers for more than five years—and it was detected just a few months back. Dubbed FruitFly , the Mac malware was initially detected earlier this year by Malwarebytes researcher Thomas Reed, and Apple quickly released security patches to address the dangerous malware. Now months later, Patrick Wardle, an ex-NSA hacker and now chief security researcher at security firm Synack, discovered around 400 Mac computers infected with the newer strain of the FruitFly malware (FruitFly 2) in the wild. Wardle believes the number of infected Macs with FruitFly 2 would likely be much higher, as he only had access to some servers used to control FruitFly. Although it i

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

WikiLeaks Reveals CIA Teams Up With Tech to Collect Ideas For Malware Development

WikiLeaks Reveals CIA Teams Up With Tech to Collect Ideas For Malware Development
Jul 19, 2017
As part of its ongoing Vault 7 leaks , the whistleblower organisation WikiLeaks today revealed about a CIA contractor responsible for analysing advanced malware and hacking techniques being used in the wild by cyber criminals. According to the documents leaked by WikiLeaks, Raytheon Blackbird Technologies, the Central Intelligence Agency (CIA) contractor, submitted nearly five such reports to CIA as part of UMBRAGE Component Library (UCL) project between November 2014 and September 2015. These reports contain brief analysis about proof-of-concept ideas and malware attack vectors — publically presented by security researchers and secretly developed by cyber espionage hacking groups. Reports submitted by Raytheon were allegedly helping CIA's Remote Development Branch (RDB) to collect ideas for developing their own advanced malware projects. It was also revealed in previous Vault 7 leaks that CIA's UMBRAGE malware development teams also borrow codes from publicly avail

14-Year-Old Japanese Boy Arrested for Creating Ransomware

14-Year-Old Japanese Boy Arrested for Creating Ransomware
Jun 06, 2017
Japanese authorities have arrested a 14-year-old boy in Osaka, a prefecture and large port city, for allegedly creating and distributing a ransomware malware . This is the first such arrest in Japan which involves a Ransomware-related crime. Ransomware is a piece of malware that encrypts files on a victim's computer and makes them inaccessible until the victim pays a ransom, usually in Bitcoins, in order to get the decryption keys for the encrypted files. Ransomware has been around for a few years, but currently, it has become a major cyber threat for businesses and users across the world. Just last month, the WannaCry ransomware hit over 300,000 PCs within just 72 hours, wreaking havoc worldwide. The recent arrest came after the teenager, who is a third-year junior high school student, created a ransomware virus and uploaded its source code on the Internet, according to multiple Japanese media. The student, who admitted to the allegations, combined free encryption

Beware! Fireball Malware Infects Nearly 250 Million Computers Worldwide

Beware! Fireball Malware Infects Nearly 250 Million Computers Worldwide
Jun 01, 2017
Security researchers have discovered a massive malware campaign that has already infected more than 250 million computers across the world, including Windows and Mac OS. Dubbed Fireball , the malware is an adware package that takes complete control of victim's web browsers and turns them into zombies, potentially allowing attackers to spy on victim's web traffic and potentially steal their data. Check Point researchers, who discovered this massive malware campaign, linked the operation to Rafotech, a Chinese company which claims to offer digital marketing and game apps to 300 million customers. While the company is currently using Fireball for generating revenue by injecting advertisements onto the browsers, the malware can be quickly turned into a massive destroyer to cause a significant cyber security incident worldwide. Fireball comes bundled with other free software programs that you download off of the Internet. Once installed, the malware installs browser plug

WikiLeaks Reveals 'AfterMidnight' & 'Assassin' CIA Windows Malware Frameworks

WikiLeaks Reveals 'AfterMidnight' & 'Assassin' CIA Windows Malware Frameworks
May 15, 2017
When the world was dealing with the threat of the self-spreading WannaCry ransomware , WikiLeaks released a new batch of CIA Vault 7 leaks , detailing two apparent CIA malware frameworks for the Microsoft Windows platform. Dubbed " AfterMidnight " and " Assassin ," both malware programs are designed to monitor and report back actions on the infected remote host computer running the Windows operating system and execute malicious actions specified by the CIA. Since March, WikiLeaks has published hundreds of thousands of documents and secret hacking tools that the group claims came from the US Central Intelligence Agency (CIA). This latest batch is the 8th release in the whistleblowing organization's 'Vault 7' series. 'AfterMidnight' Malware Framework According to a statement from WikiLeaks, 'AfterMidnight' allows its operators to dynamically load and execute malicious payload on a target system. The main controller of the ma

New Fileless Malware Uses DNS Queries To Receive PowerShell Commands

New Fileless Malware Uses DNS Queries To Receive PowerShell Commands
Mar 06, 2017
It is no secret that cybercriminals are becoming dramatically more adept, innovative, and stealthy with each passing day. While new forms of cybercrime are on the rise, traditional activities seem to be shifting towards more clandestine techniques that involve the exploitation of standard system tools and protocols, which are not always monitored. The latest example of such attack is DNSMessenger – a new Remote Access Trojan (RAT) that uses DNS queries to conduct malicious PowerShell commands on compromised computers – a technique that makes the RAT difficult to detect onto targeted systems. The Trojan came to the attention of Cisco's Talos threat research group by a security researcher named Simpo, who highlighted a tweet that encoded text in a PowerShell script that said 'SourceFireSux.' SourceFire is one of Cisco's corporate security products. DNSMessenger Attack Is Completely Fileless Further analysis of the malware ultimately led Talos researchers to

RansomFree Tool Detects Never-Seen-Before Ransomware Before It Encrypts Your Data

RansomFree Tool Detects Never-Seen-Before Ransomware Before It Encrypts Your Data
Dec 20, 2016
Ransomware has risen dramatically since last few years, so rapidly that it might have already hit you or someone you know. With hundred of thousands of ransomware variants emerging every day, it is quite difficult for traditional signature-based antivirus tools to keep their signature database up-to-date. So, if signature-based techniques are not enough to detect ransomware infection, then what else can we do? The solution is RansomFree . Boston-based cyber security firm Cybereason has released RansomFree — a real-time ransomware detection and response software that can spot most strains of Ransomware before it starts encrypting files and alert the user to take action. RansomFree is a free standalone product and is compatible with PCs running Windows 7, 8 and 10, as well as Windows Server 2010 R2 and 2008 R2. Instead of regularly updated malware signatures to fight the bad programs, RansomFree uses "behavioral and proprietary deception" techniques to detect ne

This Ransomware Unlocks Your Files For Free If You Infect Others

This Ransomware Unlocks Your Files For Free If You Infect Others
Dec 09, 2016
Is your PC infected with Ransomware? Either pay the ransom amount to the attacker or spread the infection further to get the decryption keys. Yes, this new technique has been employed by cyber criminals with the latest round of ransomware threat, dubbed Popcorn Time. Initially discovered by MalwareHunterTeam , the new Popcorn Time Ransomware has been designed to give the victim's a criminal way of getting a free decryption key for their encrypted files and folders. Popcorn Time works similar to other popular ransomware threats, such as the Crysis Ransomware and TeslaCrypt, that encrypt various data stored on the infected computer and ask victims to pay a ransom amount to recover their data. But to get their important files back, Popcorn Time gives victims option to pay a ransom to the cyber criminal or infect two other people and have them pay the ransom to get a free decryption key. What's even worse? The victims are encouraged to pay the ransom of 1 Bitcoin (~$75

San Francisco Metro System Hacked with Ransomware; Resulting in Free Rides

San Francisco Metro System Hacked with Ransomware; Resulting in Free Rides
Nov 28, 2016
Nothing is immune to being hacked when hackers are motivated. The same proved by hackers on Friday, when more than 2,000 computer systems at San Francisco's public transit agency were apparently got hacked. San Francisco's Municipal Transportation Agency, also known as MUNI, offered free rides on November 26th after MUNI station payment systems and schedule monitors got hacked by ransomware and station screens across the city started displaying a message that reads: " You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681 ,Enter. " According to the San Francisco Examiner, MUNI confirmed a Ransomware attack against the station fare systems, which caused them to shut down ticket kiosks and make rides free this weekend. As you can see, the above message delivered by the malware followed by an email address and ID number, which can then be used to arrange ransom payments. MUNI Spokesman Paul Rose said his agency was investigating the m

Mac Malware Can Secretly Spy On Your Webcam and Mic – Here's How to Stay Safe

Mac Malware Can Secretly Spy On Your Webcam and Mic – Here's How to Stay Safe
Oct 06, 2016
Apple Mac Computers are considered to be much safer than Windows at keeping viruses and malware out of its environment, but that's simply not true anymore. It's not because Mac OS X is getting worse every day, but because hackers are getting smart and sophisticated these days. The bad news for Mac users is that malware targeting webcams and microphones has now come up for Mac laptops as well. Patrick Wardle, an ex-NSA staffer who heads up research at security intelligence firm Synack, discovered a way for Mac malware to tap into your live feeds from Mac's built-in webcam and microphone to locally record you even without detection. Wardle is the same researcher who has discovered a number of security weaknesses in Apple products, including ways to bypass the Gatekeeper protections in OS X. Wardle also released a free tool called RansomWhere? earlier this year that has generic detection capabilities for Mac OS X ransomware variants. Wardle is scheduled to present h

Beware — Someone is dropping Malware-infected USB Sticks into People's Letterbox

Beware — Someone is dropping Malware-infected USB Sticks into People's Letterbox
Sep 22, 2016
Hey! Wait! Wait! Wait! Don't plug in that USB stick into your laptop. It could infect your computer with malware and viruses. Australia's Victoria Police Force has issued a warning regarding unmarked USB flash drives containing harmful malware being dropped inside random people's letterboxes in the Melbourne suburb of Pakenham. It seems to one of the latest tactics of cyber criminals to target people by dropping malware-laden USB sticks into their mailboxes, in the hope unsuspecting users will plug the infected devices into their personal or home computers. The warning, published on the official website of the Victoria Police, one of Australia's state police departments, reads: "Members of the public are allegedly finding unmarked USB drives in their letterboxes. Upon inserting the USB drives into their computers victims have experienced fraudulent media streaming service offers, as well as other serious issues [malware]. The USB drives are belie

Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers

Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers
Sep 08, 2016
Unlike specially crafted malware specifically developed to take advantage of Windows operating system platform, cyber attackers have started creating cross-platform malware for wider exploitation. Due to the rise in popularity of Mac OS X and other Windows desktop alternatives, hackers have begun designing cross-platform malware modularly for wide distribution. Cross-platform malware is loaded with specialized payloads and components, allowing it to run on multiple platforms. One such malware family has recently been discovered by researchers at Kaspersky Lab, which run on all the key operating systems, including Windows, Linux, and Mac OS X. Stefan Ortloff, a researcher from Kaspersky Lab's Global Research and Analysis Team, first discovered the Linux and Windows variants of this family of cross-platform backdoor, dubbed Mokes , in January this year. Now, the researcher today confirmed the existence of an OS X variant of this malware family, explaining a technical breakd

University Pays Hackers $20,000 to get back its Ransomware Infected Files

University Pays Hackers $20,000 to get back its Ransomware Infected Files
Jun 08, 2016
What's the worst that could happen when a Ransomware malware hits University? Last month, the IT department of the University from where I have done my graduation called me for helping them get rid of a Ransomware infection that locked down all its student's results just a day before the announcement. Unfortunately, there was no decrypter available for that specific ransomware sample, but luckily they had the digital backup for the examination results in the form of hundreds of excel sheets. So, somehow backup helped administrator to re-compile complete result once again into the database, but this delayed the announcement for over 30 days. However, the situation is not same every time. Recently, the University of Calgary in Alberta  paid a ransom of $20,000 to decrypt their computer systems' files and regain access to its own email system after getting hit by a ransomware infection. The University fell victim to ransomware last month, when the malware instal

Irongate — New Stuxnet-like Malware Targets Industrial Control Systems

Irongate — New Stuxnet-like Malware Targets Industrial Control Systems
Jun 04, 2016
Security researchers have discovered a sophisticated piece of malware that uses tricks from the Stuxnet sabotage malware and is specifically designed to target industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. Researchers at the security firm FireEye Labs Advanced Reverse Engineering said on Thursday that the malware, dubbed " IRONGATE ," affects Siemens industrial control systems. The malware only works in a simulated environment and is probably just a proof-of-concept that is likely not used in wild; therefore is not yet advanced enough to impact real-world systems . The Irongate malware "is not viable against operational Siemens control systems," the cybersecurity firm said in its blog post , and the malware "does not exploit any vulnerabilities in Siemens products." The researchers found this malware fascinating due to its mode of operation that included some Stuxnet-like behavior. The Stuxnet sab

Russia arrests 50 hackers who stole $25 million from Banks

Russia arrests 50 hackers who stole $25 million from Banks
Jun 03, 2016
Russian authorities have arrested a gang of 50 hackers suspected of stealing more than 1.7 Billion Rubles ( over US$25 Million ) from banks and other financial institutions in the country since 2011. The same criminal gang had tried to steal a further 2.273 Billion Roubles by issuing false payment instructions, but that were blocked. The group allegedly used a Trojan called " Lurk " to set up a network of bots on infected computers to carry out the attacks, according to Russia's FSB ( Federal Security Service ). Initially identified in 2012, Lurk is a "fileless" Trojan that runs in RAM and has mostly been used for collecting banking credentials, especially for banks in Eastern Europe and the Russian Federation. The criminal gang allegedly seeded some of Russia's most popular websites with Lurk. Once infected, the malware downloaded more software modules, allowing the hackers to gain remote access to victims' computers. The hackers then stole
Cybersecurity Resources