Search results for Malware | Breaking Cybersecurity News | The Hacker News

U.S. has the top Security Agencies like NSA, FBI to tackle cyber crime and terrorism with their high profile surveillance technologies, but even after that U.S is proudly hosting 44% of the entire cloud based malware distribution. With the enhancement in Internet technology, Cloud computing has shown the possibility of existence and now has become an essential gradient for any Internet Identity. Cloud services are designed in such a way that it is easy to maintain, use, configure and can be scaled depending upon the requirement of the service being provided using the CLOUD technology with cost effective manner. Due to the Easy and Cost effective alternative of traditional computing, Malware writers are using the big cloud hosting platforms to quickly and effectively serve malware to Internet users, allowing them to bypass detection and geographic blacklisting by serving from a trusted provider. Hiding behind trusted domains and names is not something new. According to recently

Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months. "Most of the vulnerabilities and exploits that you read about are good news for attackers and bad news for the rest of us," Binary Defense's James Quinn said. "However, it's important to keep in mind that malware is software that can also have flaws. Just as attackers can exploit flaws in legitimate software to cause harm, defenders can also reverse-engineer malware to discover its vulnerabilities and then exploit those to defeat the malware." The kill-switch was alive between February 6, 2020, to August 6, 2020, for 182 days, before the malware authors patched their malware and closed the vulnerability. Since its first identification in 2014, Emotet has evolved from its initial roots as a banking

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

A new disk wiping malware has been uncovered targeting a petroleum company in Europe, which is quite similar to the mysterious disk wiper malware Shamoon that wiped data from 35,000 computers at Saudi Arabia's national oil company in 2012. Disk wiping malware has the ability to cripple any organization by permanently wiping out data from all hard drive and external storage on a targeted machine, causing great financial and reputational damage. Security researchers from Moscow-based antivirus provider Kaspersky Lab discovered the new wiper StoneDrill while researching last November's re-emergence of Shamoon malware (Shamoon 2.0) attacks – two attacks occurred in November and one in late January. Shamoon 2.0 is the more advanced version of Shamoon malware that reportedly hit 15 government agencies and organizations across the world, wipes data and takes control of the computer's boot record, preventing the computers from being turned back on. Meanwhile, Kaspersky resea

We are quite aware of the Android malware scanner Google's Bouncer that tests the apps by running them in a virtualized environment i.e. a simulated phone created in software which automatically scans the apps to watch its real behaviour on users' devices, before approving them to the Play Store market. To protect its users and their devices from harm, Google launched this apps scanning software tool, two year ago. Bouncer is a security feature for the Android Play store Market that is designed to protect the Android users to not to be a victim of any malicious Android malware app. But does the security tool go far enough? Despite having protective shield factor, we have seen Google play store market is surrounded by many malicious apps which easily by-passes the Bouncer scan test and targets Android users. Security Research from Columbia University have exploited weaknesses in Google's Bouncer service to sneak malicious apps on to the Android market. They publish

Hacking ATM is now easier than ever before. Usually, hackers exploit hardware and software vulnerabilities to hack ATMs and force them to spit out cash, but now anyone can simply buy a malware to steal millions in cash from ATMs. Hackers are selling ready-made ATM malware on an underground hacking forum that anybody can simply buy for around $5000, researchers at Kaspersky Lab discovered after spotting a forum post advertising the malware, dubbed Cutlet Maker . The forum post provides a brief description and a detailed manual for the malware toolkit designed to target various ATMs models with the help of a vendor API, without interacting with ATM users and their data. Therefore, this malware does not affect bank customers directly; instead, it is intended to trick the bank ATMs from a specific vendor to release cash without authorisation. The manual also mentions an infamous piece of ATM malware, dubbed Tyupkin , which was first analysed in 2014 by Kaspersky Lab and used

Trojans were the most prolific malware threat in February-March, and collaboration seems to be the name of the game in malware development and distribution. Trojan-based attacks continue to be the biggest malware threat in February, but PDF exploits aren't far behind, according to several security reports. About 1 in 290 e-mails in February were malicious, making the month one of the most prolific periods for the threats, according to Symantec's February 2011 MessageLabs Intelligence Report. The global ratio of spam in e-mail traffic was 81.3 percent, an increase of 2.7 percent since January, the report found. The recent decline in spam appears to have reversed for the time being, according to the report. There was a lot of botnet activity in February, and the perpetrators appeared to be working together to some extent to distribute Trojans, according to Symantec. There were signs of integration across Zeus, Bredolab and SpyEye, as techniques associated with one malware family w

A Sophisticated cyber spying operation, ' The Mask ', that has been under the mask for about 7 years targeting approximately 31 countries, has now been 'unmasked' by researchers at Kaspersky Labs . The Researchers believe that the program has been operational since 2007 and is seems to be sophisticated nation-state spying tool that targeted government agencies and diplomatic offices and embassies before it was disclosed last month. In the unveiling document published by Kaspersky , they found more than 380 unique victims, including Government institutions, diplomatic offices/embassies, private companies, research institutions, activists etc. The name " Mask " comes from the Spanish slang word "Careto" (" Ugly Face " or " Mask ") which the authors included in some of the malware modules. Developers of the ' Mask ' aka ' Careto ' used complex tool-set which includes highly developed malware , bootkit, rootkit etc. that has the ability t

For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet  is by far one of the most dangerous trojans ever created. The malware became a very destructive program as it grew in scale and sophistication. The victim can be anyone from corporate to private users exposed to spam email campaigns. The botnet distributes through phishing containing malicious Excel or Word documents. When users open these documents and enable macros, the Emotet DLL downloads and then loads into memory. It searches for email addresses and steals them for spam campaigns. Moreover, the botnet drops additional payloads, such as Cobalt Strike or other attacks that lead to ransomware. The polymorphic nature of Emotet, along with the many modules it includes, makes the malware challenging to identify. The Emotet

However, manual lab setup and configuration can prove to be a laborious and time-consuming process. In this article, we'll look at 4 ways to create a reverse engineering lab, discuss how to save time, and, potentially, improve the detection rate using a  sandbox-as-a-service , and a recommended list of tools for a comprehensive setup. What is a malware analysis lab? In essence, a malware analysis lab provides a safe, isolated space for examining malware. The setup can range from a straightforward virtual machine using VirtualBox to a more intricate network of interconnected machines and actual networking hardware. But in this article, we'll look at building a lab tailored for static analysis, so what we will need is a secure environment where we can run disassemblers, edit binary files and debug. There are a couple of ways we can go about creating it: 1 — Virtualization Perhaps the simplest way to create a secure and isolated environment is by using a virtual machine.

Are you sure the WhatsApp app you are using on your Android device is legitimate, even if it's working perfectly as intended? ...Or the JioTV, AppLock, HotStar, Flipkart, Opera Mini or Truecaller app—if you have installed any of these? I'm asking this because cybersecurity researchers just yesterday revealed eye-opening details about a widespread Android malware campaign wherein attackers silently replaced installed legitimate apps with their malicious versions on nearly 25 million mobile phones. Now the important question here is how they're doing it and why? According to researchers at Check Point, attackers are distributing a new kind of Android malware that disguises itself as innocent-looking photo editing, adult entertainment, or gaming apps and available through widely used third-party app stores. Dubbed Agent Smith , the malware takes advantage of multiple Android vulnerabilities, such as the  Janus flaw and the Man-in-the-Disk flaw , and injects malic

Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users' sensitive information, login credentials and the secret code for two-factor authentication. In order to trick victims into installing the Android malware, dubbed Roaming Mantis , hackers have been hijacking DNS settings on vulnerable and poorly secured routers . DNS hijacking attack allows hackers to intercept traffic, inject rogue ads on web-pages and redirect users to phishing pages designed to trick them into sharing their sensitive information like login credentials, bank account details, and more. Hijacking routers' DNS for a malicious purpose is not new. Previously we reported about widespread DNSChanger and Switcher —both the malware worked by changing the DNS settings of the wireless routers to redirect traffic to malicious websites controlled by attackers. Discovered by security researchers at Kaspersk

The malicious Russian Tor exit node , which was claimed to be patching binary files, is actually distributing a malware program to launch cyber-espionage attacks against European government agencies. The group behind the rogue Tor exit node had likely been infecting files for more than a year, causing victims to download and install a backdoor file that gave hackers full control of their systems. Last month Josh Pitts of Leviathan Security Group uncovered a malicious Tor exit node that wraps Windows executable files inside a second, malicious Windows executable. But when Artturi Lehtiö of F-Secure carried out an in-depth research, he found that the exit node was actually linked to the notorious Russian APT family MiniDuke . " MiniDuke " previously infected government agencies and organizations in more than 20 countries via a modified Adobe PDF email attachment . MiniDuke malware is written in assembly language with its tiny file size (20KB), and uses hijacke

Yes, even Mac could also get viruses that could silently spy on its users. So, if you own a Mac and think you are immune to malware, you are wrong. An unusual piece of malware that can remotely take control of webcams, screen, mouse, keyboards, and install additional malicious software has been infecting hundreds of Mac computers for more than five years—and it was detected just a few months back. Dubbed FruitFly , the Mac malware was initially detected earlier this year by Malwarebytes researcher Thomas Reed, and Apple quickly released security patches to address the dangerous malware. Now months later, Patrick Wardle, an ex-NSA hacker and now chief security researcher at security firm Synack, discovered around 400 Mac computers infected with the newer strain of the FruitFly malware (FruitFly 2) in the wild. Wardle believes the number of infected Macs with FruitFly 2 would likely be much higher, as he only had access to some servers used to control FruitFly. Although it i