SEPT 18th 2017
BBC News

Alert over booby-trapped security software

A security company has issued a warning after its software was compromised by malicious hackers.

Piriform told users a booby-trapped version of its CCleaner software had been made available in August and September.

Millions of people use the CCleaner program to remove unwanted junk from Android phones and Windows PCs.

Piriform's owner, Avast, said it had managed to remove the compromised version before any harm had been done.

It appears that it was only the Windows version of CCleaner that was compromised.

Cleaning up

If the malicious hackers who had managed to subvert the software had not been spotted, they could have remotely taken over the devices of the 2.27 million people who had downloaded version 5.33 of the program, said Paul Yung, from Piriform.

Mr Yung said the company had spotted some "suspicious activity" on 12 September that led it to discover version 5.33 had been "illegally modified" before it had been made available to the public.

The modified version was available for about a month.

SEPT 16th 2017
BBC News

Equifax data breach: Credit rating firm replaces key staff

US credit report giant Equifax has replaced two senior staff after revealing last week it had suffered a massive data breach.

Data on up to 143 million Americans, about 400,000 Britons and a number of Canadians may have been stolen by hackers between mid-May and July.

The chief information officer and chief security officer have both stood down.

Equifax faces dozens of legal claims over the breach, which the US Federal Trade Commission is investigating.

Social security numbers, birth dates, addresses and driving licence numbers for up to 143 million Americans were exposed, the Atlanta-based firm says.

Credit card numbers for about 209,000 Americans and "certain dispute documents with personal identifying information" for some 182,000 Americans were also accessed by the hackers, it adds.

SEPT 15th 2017
The Register

Google to kill Chrome autoplay madness

Sorta, kinda, well not really

Google has promised to end the infuriating autoplay of videos in its Chrome browser - but with a heap of exceptions that may actually make the problem worse.

Most internet users have suffered from having sound blaring out from one browser tab while looking at a different one. Although Google made it easier to find the offending tab by adding a microphone icon, it's still an embuggerance and chews data for mobile users.

Now the ad giant has issued new guidelines for developers for Chrome 63 - due for release in October - that adds the option of turning off such videos on specific websites. By January, when Chrome 64 is released, all autoplay videos with sound will be blocked. But with some important caveats.

"Autoplay will be allowed when either the media won't play sound, or the user has indicated an interest in the media," wrote Google software engineer Mounir Lamouri.

SEPT 15th 2017
SC Magazine

Hackers can bypass new protections in MacOS High Sierra

MacOS High Sierra protections can be bypassed, but will make security researchers' and companies' work more difficult

Hackers can bypass a new security feature in MacOS High Sierra to load malicious kernel extensions.

According to security researchers at Synack, the forthcoming update to MacOS features something called “Secure Kernel Extension Loading” (SKEL). Patrick Wardle, chief security researcher at Synack, said that while the feature was “wrapped in good intentions”, in its current implementation, SKEL “merely hampers the efforts of the ‘good guys’” (ie 3rd-party MacOS developers such as those that design security products).

“Due to flaws in its implementation, the bad guys (hackers/malware) will likely remain unaffected,” he said in a blog post.

SEPT 14th 2017
BBC News

Kaspersky: You can trust us despite US government ban

Eugene Kaspersky has denied that the cyber-security firm he founded is close to the Russian government and insists it poses no danger to its American customers.

Mr Kaspersky told the BBC that the Trump administration's move to ban government agencies from using his products was an "uncomfortable situation". The US has said it is concerned that Kaspersky is vulnerable to influence from the Kremlin.

But the company's founder said that while he lived in Moscow and his firm co-operated with Russian law enforcement on cyber-security, there were no deeper ties.

"When they say we have strong ties with Russian espionage it's not true," he told me via a video call from Argentina.

"We co-operate with many law enforcement agencies around the world - in the past with the US as well."

SEPT 8th 2017
BBC News

Massive Equifax data breach hits 143 million

About 143 million US customers of credit report giant Equifax may have had information compromised in a cyber security breach, the company has disclosed.

Equifax said cyber-criminals accessed data such as Social Security numbers, birth dates and addresses during the incident.

Some UK and Canadian customers were also affected.

The firm's core consumer and commercial credit databases were not accessed.

Security checks

Equifax said hackers accessed the information between mid-May and the end of July, when the company discovered the breach.

Malicious hackers won access to its systems by exploiting a "website application vulnerability", it said, but provided no further details.

The hackers accessed credit card numbers for about 209,000 consumers, among other information.

SEPT 8th 2017
The Register

Microsoft says it won't fix kernel flaw: It's not a security issue. Suuuure

So stopping antivirus software from spotting malware is now a feature?

A design flaw within the Windows kernel that could stop antivirus software from recognizing malware isn't going to be fixed, Microsoft has said.

The issue, spotted this week by enSilo security researcher Omri Misgav, lies within the system call PsSetLoadImageNotifyRoutine, which has been part of Microsoft's operating system since Windows 2000 and is still active in the latest builds.

Antivirus tools use PsSetLoadImageNotifyRoutine to check if malicious code has been loaded into memory, but Misgav found that a cunning attacker could use poor coding behind the API to smuggle malware past scanners.

"During research into the Windows kernel, we came across an interesting issue with PsSetLoadImageNotifyRoutine which, as its name implies, notifies of module loading," he said in a blog post.

SEPT 7th 2017
SC Magazine

SynAck ransomware attacks on the rise - active £325k bitcoin wallet

Activity surrounding a new strain of ransomware named SynAck spiked last week with at least three different versions being reported to Bleeping Computer help forum and MalwareHunter's ID-Ransomware service.

SynAck first came to notice in early August, but operated at a low level until recently when an upward shift in activity was noticed. SynAck differs from other ransomware types by demanding its victims contact them directly through email or a BitMessage ID in order to arrange for the ransom payment, usually about £1,600 in bitcoin, instead of setting up a payment portal, reported Bleeping Computer. Additionally, the malware attaches its own randomly generated 10-character alphanumeric extension to the encrypted files.

SEPT 2nd 2017
BBC News

Catching the hackers in the act

Cyber-criminals start attacking servers newly set up online about an hour after they are switched on, suggests research.

The servers were part of an experiment the BBC asked a security company to carry out to judge the scale and calibre of cyber-attacks that firms face every day.

About 71 minutes after the servers were set up online they were visited by automated attack tools that scanned them for weaknesses they could exploit, found security firm Cyber Reason.

Once the machines had been found by the bots, they were subjected to a "constant" assault by the attack tools.

Thin skin

The servers were accessible online for about 170 hours to form a cyber-attack sampling tool known as a honeypot, said Israel Barak, head of security at Cyber Reason. The servers were given real, public IP addresses and other identifying information that announced their presence online.

SEPT 1st 2017
The Register

Microsoft sets the date for Fall Creators Update

After Lenovo leaks the details

Microsoft has used the IFA conference in Berlin to announce the next big update for Windows 10 users - the Fall Creators Update will be released on October 17.

Redmond has been ramping up the fast-track developer builds of the update over the past few weeks, largely ironing out bugs, and it now looks as though they feel it's ready to go. Terry Myerson, head of the Windows group at Microsoft, promised that this fourth update to Windows 10 would be the best yet.

"With the Fall Creators Update we are introducing some fun new ways to get creative," he enthused.

"As part of the update we will deliver an evolution to the photos experience that will let you tell your story like never before using photos, videos, and 3D effects; enhancements in gaming, security, and accessibility; and immersive new experiences made possible by Windows Mixed Reality."

SEPT 1st 2017
SC Magazine

Locky ransomware back in huge spam campaign; new variant escapes sandbox

Locky ransomware is back, being pushed out to victims in a concerted spam campaign. Security researchers have also discovered a variant of the ransomware that attempts to evade analysis by security firms using a new approach.

Several security researchers have signalled the new campaign. Researchers at Comodo Threat Intelligence Lab said that a second wave of new but related IKARUSdilapidated Locky ransomware attacks has occurred, building on the attacks discovered by the Comodo Threat Intelligence Lab earlier in the month of August 2017.

It said that this campaign also uses a botnet of zombie computers to coordinate a phishing attack which sends emails to victims appearing to be from their organisation's scanner/printer, or other legitimate source and ultimately encrypts the victims' computers and demands a bitcoin ransom.

Aug 29th 2017
The Register

UK infrastructure failing to meet the most basic cybersecurity standards

We're all doomed

More than a third of national critical infrastructure organisations have not met basic cybersecurity standards issued by the UK government, according to Freedom of Information requests by Corero Network Security.

The FoIs were sent in March 2017 to 338 organisations including fire and rescue services, police forces, ambulance trusts, NHS trusts, energy suppliers and transport organisations. In total, 163 responses were received, with 63 organisations (39 per cent) admitting to not having completed the "10 Steps" programme. Among responses from NHS Trusts, only 58 per cent had completed the scheme.

In the event of a breach, critical infrastructure organisations could be liable for fines of up to £17m, or 4 per cent of global turnover, under the government's proposals to implement the EU's Network and Information Systems (NIS) directive from May 2018.

Aug 29th 2017
SC Magazine

Hackers rewrite Jimmy Nukebot malware to change its goals and tasks

Jimmy Nukebot malware trojan becomes more modular to increase flexibility and make static analysis much more complicated - shows ability to adapt to the goals and tasks set before a botnet to take advantage of a new source.

A modification of the Neutrino malware has been discovered by security researchers. The Trojan has been modified to put its functions into modules to make analysis much more difficult.

Dubbed Jimmy Nukebot by Kaspersky Lab researcher Sergey Yunakovsky, the Trojan has undergone an extensive rewrite by the author. Yunakovsky noted that one small difference that immediately stands out is in the calculation of checksums from the names of API functions/libraries and strings. In the first case, the checksums are used to find the necessary API calls; in the second case, for a comparison of strings (commands, process names).

“This approach makes static analysis much more complicated: for example, to identify which detected process halts the Trojan operation, it's necessary to calculate the checksums from a huge list of strings, or to bruteforce the symbols in a certain length range. NeutrinoPOS uses two different algorithms to calculate checksums for the names of API calls, libraries and for the strings,” he said.

He added that the malware has completely lost the functionality for stealing bank card data from the memory of an infected device; now, its task is limited solely to receiving modules from a remote node and installing them into the system.

Aug 29th 2017
The Register

Two million customer records pillaged in IT souk CeX hack attack

Computer reseller warns of password, personal info theft

Second-hand electronics dealership CeX says two million customers may have had their personal information swiped by hackers.

Several Reg readers dropped us a line after receiving an email from the Brit biz that informed them their personal details including first name, surname, address, email address and phone number had been illegally accessed by miscreants.

In some cases passwords were also stolen. The company says these were hashed, but warns - correctly - that weak passwords could still be cracked, so if you have reused one it's time to make some changes.

"We take the protection of customer data extremely seriously and have always had a robust security programme in place which we continually reviewed and updated to meet the latest online threats," CeX said in a statement.
