Slashdot Mirror

An anonymous reader writes: As each day passes and researchers find more and more source code in the huge Hacking Team data dump, it becomes more clear what the company's customers could do with the spyware. After having revealed one of the ways that the company used to deliver its spyware on Android devices, Trend Micro researchers have analyzed the code of the actual spyware: RCS Android (Remote Control System Android). Unsurprisingly, it can do so many things and spy on so many levels that they consider it the most sophisticated Android malware ever exposed. The software can, among other things, gather device information, capture screenshots and photos, record speech by using the devices' microphone, capture voice calls, record location, capture Wi-Fi and online account passwords, collect contacts and decode messages from IM accounts, as well as collect SMS, MMS, and Gmail messages. Hacking Team says it sold its surveillance and intrusion software strictly within the law.

An anonymous reader writes: As each day passes and researchers find more and more source code in the huge Hacking Team data dump, it becomes more clear what the company's customers could do with the spyware. After having revealed one of the ways that the company used to deliver its spyware on Android devices, Trend Micro researchers have analyzed the code of the actual spyware: RCS Android (Remote Control System Android). Unsurprisingly, it can do so many things and spy on so many levels that they consider it the most sophisticated Android malware ever exposed. The software can, among other things, gather device information, capture screenshots and photos, record speech by using the devices' microphone, capture voice calls, record location, capture Wi-Fi and online account passwords, collect contacts and decode messages from IM accounts, as well as collect SMS, MMS, and Gmail messages. Hacking Team says it sold its surveillance and intrusion software strictly within the law.

An anonymous reader writes: Worried that you might have been targeted with Hacking Team spyware, but don't know how to find out for sure? IT security firm Rook Security has released Milano, a free automated tool meant to detect the Hacking Team malware on a computer system. Facebook has also offered a way to discover if your Mac(s) have been compromised by Hacking Team malware: they have provided a specific query pack for its open source OS analysis tool osquery.

An anonymous reader writes: Worried that you might have been targeted with Hacking Team spyware, but don't know how to find out for sure? IT security firm Rook Security has released Milano, a free automated tool meant to detect the Hacking Team malware on a computer system. Facebook has also offered a way to discover if your Mac(s) have been compromised by Hacking Team malware: they have provided a specific query pack for its open source OS analysis tool osquery.

An anonymous reader writes with word that owners of Range Rover and Range Rover Sport SUVs (model year 2013 and newer) will need to get their cars' software updated, which means a visit to a dealer. The update will fix a bug in the cars' locking system, which occasionally resulted in car doors randomly unlocking and opening themselves (in one instance, when the car was moving). This is not the first time that a car manufacturer asked customers to contact dealers for a security update. In July, Ford has recalled over 430,000 cars in North America because of a bug that prevented the engine from shutting down even after the ignition key was put into the "off" position and removed.

An anonymous reader writes with Help Net Security's report that a new zero-day vulnerability in Java is being exploited, quoting from which: The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm. The existence of the flaw was discovered by finding suspicious URLs that hosted the exploit. The exploit allows attackers to execute arbitrary code on target systems with default Java settings. Until a patch is made, disabling Java is the recommended course of action.

An anonymous reader writes with Help Net Security's report that a new zero-day vulnerability in Java is being exploited, quoting from which: The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm. The existence of the flaw was discovered by finding suspicious URLs that hosted the exploit. The exploit allows attackers to execute arbitrary code on target systems with default Java settings. Until a patch is made, disabling Java is the recommended course of action.

An anonymous reader writes: Who hacked Hacking Team, the Milan-based company selling intrusion and surveillance software to governments, law enforcement agencies and (as it turns out) companies? A hacker who goes by "Phineas Fisher" claims it was him (her? them?). In the meantime, Hacking Team is scrambling to minimize the damage this hack and data leak is doing to the company. They sent out emails to all its customers, requesting them to shut down all deployments of its Remote Control System software ("Galileo") — even though it seems they could do that themselves, as the customer software apparently has secret backdoors. Perhaps they chose the first route because they hoped to keep that fact hidden from the customers? And because every copy of Hacking Team's Galileo software is secretly watermarked, the leaked information could allow researchers to link a certain backdoor to a specific customer.

An anonymous reader writes with a report from Help Net Security which assigns some numbers to the lucrative fraud-by-phone business in the U.S. -- and it's not just the most naive who are vulnerable. "Phone fraud continues to threaten enterprises across industries and borders, with the leading financial institutions' call centers exposed to more than $9 million to potential fraud each year," says the article. "Pindrop analyzed several million calls for threats, and found a 30 percent rise in enterprise attacks and more than 86.2 million attacks per month on U.S. consumers. Credit card issuers receive the highest rate of fraud attempts, with one in every 900 calls being fraudulent."

What's been your experience with fraudulent robocalls? I've been getting them on a near-daily basis -- fake credit card alerts, "computer support" malware-install attempts, and more -- for a few years now, which makes whitelisting seem attractive. ("Bridget from account services" has been robo-calling a lot lately, and each time she says it is my final notice.) My biggest worry is that the people behind these scams, like spammers, will hire copywriters who can fool many more people.

An anonymous reader writes: Trustwave released a new report which reveals the top cybercrime, data breach and security threat trends. According to their findings, attackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment). Retail was the most compromised industry making up 43 percent of investigations followed by food and beverage (13 percent) and hospitality (12 percent).

An anonymous reader writes: Security is not a property of a technical system," says independent security consultant Eleanor Saitta. "Security is the set of activities that reduce the likelihood of a set of adversaries successfully frustrating the goals of a set of users." But software development teams that understand what users want and what adversaries they face are very rare. And security engineers forgot — or misunderstood — what their job is: not securing computers, but securing activities that lead to the realization of greater goals.

An anonymous reader writes: Kaspersky Lab has revealed that it was recently subject to a major cyberattack. The company launched an investigation, which led to the discovery of a new malware platform from Duqu. Kaspersky has revealed that the attack exploited zero-day vulnerabilities and the malware has spread in the network through MSI (Microsoft Software Installer) files. "The attack is extremely sophisticated, and this is a new generation of what is most likely state-sponsored malware," Kaspersky said during the press conference. "It's a kind of a mix of Alien, Terminator and Predator, in terms of Hollywood."

An anonymous reader writes: A joint international operation led to the arrests of 49 suspected members of a cybercriminal group in Europe. The operation involved law enforcement agencies from several different nations, including Italy, Spain, Poland, Belgium, Georgia, and the UK. Police searched 58 separate properties, seizing laptops, hard disks, telephones, tablets, credit cards and cash, SIM cards, memory sticks, forged documents and bank account documents. The criminals came to the attention of police after repeatedly initiating man-in-the-middle attacks against European companies, using intrusions and social engineering to route corporate payments to their own bank accounts.

An anonymous reader writes with a link to some interesting commentary at Help Net Security from Drone Lab CEO Zain Naboulsi about a security issue of a (so far) unusual kind: detecting drones whose masters are bent on malice. That's relevant after the recent drone flight close enough to the White House to spook the Secret Service, and that wasn't the first -- even if no malice was involved. Drones at their most dangerous in that context are small, quiet, and flying through busy, populated spaces, which makes even detecting them tough, never mind defeating them. From the article, which briefly describes pros and cons of various detection methods: Audio detection does NOT work in urban environments - period. Most microphones only listen well at 25 to 50 feet so, because of the ambient noise in the area, any audio detection method would be rendered useless at 1600 Pennsylvania Avenue. It is also too simple for an operator to change the sound signature of a drone by buying different propellers or making other modifications. It doesn't take much to defeat the many weaknesses of audio detection.

An anonymous reader writes: Senior researcher Scott Lester at Context Information Security has shown how someone can easily monitor and record Bluetooth Low Energy signals transmitted by many mobile phones, fitness monitors, and iBeacons. The findings have raised concerns about the privacy and confidentiality wearable devices may provide. “Many people wearing fitness devices don’t realize that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device,” said Scott says. “Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device – that may belong to a celebrity, politician or senior business executive – within 100 meters in the open air. This information could be used for social engineering as part of a planned cyber attack or for physical crime by knowing peoples’ movements.” The researchers have even developed an Android app that scans, detects and logs wearable devices.

One of the best first steps in setting up a Windows machine is to install PuTTY on it, so you have a highly evolved secure shell at your command. An anonymous reader writes, though, with a note of caution if you're installing PuTTY from a source other than the project's own official page. A malicious version with information-stealing abilities has been found in the wild. According to the article: Compiled from source, this malicious version is apparently capable of stealing the credentials needed to connect to those servers. "Data that is sent through SSH connections may be sensitive and is often considered a gold mine for a malicious actor. Attackers can ultimately use this sensitive information to get the highest level of privileges on a computer or server, (known as 'root' access) which can give them complete control over the targeted system," the researchers explained. The Symantec report linked above also shows that (at least for this iteration) the malware version is easy to spot, by hitting the "About" information for the app.

An anonymous reader writes: Belgium's Privacy Protection Commission says that Facebook tramples on European privacy laws by tracking people online without their consent and dodges questions from national regulators. They have issued a set of recommendations for both Facebook, website owners and end users. Net-Security reports: "The recommendations are based on the results of an extensive analysis of Facebook's revised policies and terms (rolled out on January 30, 2015) conducted by the inter-university research center EMSOC/SPION, which concluded that the company is acting in violation of European law. According to them Facebook places too much burden on its users to protect their privacy, and then doesn't offer simple tools and settings to do so, and sets up some problematic default settings. They also don't provide adequate information for users to make informed choices."

An anonymous reader writes: According to federal prosecutors three women are responsible for an identity theft and wire fraud scheme targeting both the Houston and Atlanta passport agencies. Chloe McClendon, Alicia Myles, and Dominique Thomas are accused of stealing personal information from the passport administration and transmitting it back and forth between one another. The stolen information was used to obtain lines of credit in order to purchase iPhones, iPads and other electronics. The scheme went on for over five years.

An anonymous reader writes: Despite housing an organization's most valuable and sensitive information, SAP systems are not protected from cyber threats by traditional security approaches. Based on assessments of hundreds of SAP implementations, the Onapsis Research Labs study found that over 95 percent of SAP systems were exposed to vulnerabilities that could lead to full compromise of the company's business data and processes. Most companies are also exposed to protracted patching windows averaging 18 months or more. In 2014 alone, 391 security patches were released by SAP, averaging more than 30 per month. Almost 50 percent of them were ranked as "high priority" by SAP.

Orome1 writes with a snippet from a report at net-security.org; a hacker going by Hephaestos has shared with the world a Python script that, when put on an USB thumb drive, turns the device in an effective kill switch for the computer to which it's plugged in. USBkill, as the programmer dubbed it, "waits for a change on your USB ports, then immediately kills your computer." The device would be useful "in case the police comes busting in, or steals your laptop from you when you are at a public library," Hephaestos explained.

An anonymous reader writes: For over 5 years, and perhaps even longer, servers around the world running Linux and FreeBSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found. What's more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a "system for automated e-mail distribution" that allows users to send out anonymous email in bulk. Here's the white paper in which the researchers explain the exploit.

An anonymous reader writes: A group of researchers from University of Washington have tested the security of a teleoperated robotic surgery system created by their colleagues, and have found it severely lacking. "Teleoperated surgical robots will be expected to use a combination of existing publicly available networks and temporary ad-hoc wireless and satellite networks to send video, audio and other sensory information between surgeons and remote robots. It is envisioned these systems will be used to provide immediate medical relief in under-developed rural terrains, areas of natural and human-caused disasters, and in battlefield scenarios," the researchers noted, and asked: "But what if these robotic systems are attacked and compromised?"

An anonymous reader writes "After nearly two years of waiting for Mojang to fix a security vulnerability that can be used to crash Minecraft servers, programmer Ammar Askar has released a proof of concept exploit for the flaw in the hopes that this will force them to do something about it. "Mojang is no longer a small indie company making a little indie game, their software is used by thousands of servers, hundreds of thousands people play on servers running their software at any given time. They have a responsibility to fix and properly work out problems like this," he noted." Here is Askar's own post on the exploit, and his frustration with the response he's gotten to disclosing it to the developers.

An anonymous reader writes Ben-Gurion University of the Negev (BGU) researchers have discovered a new method to breach air-gapped computer systems called "BitWhisper," which enables two-way communications between adjacent, unconnected PC computers using heat. BitWhisper bridges the air-gap between the two computers, approximately 15 inches apart that are infected with malware by using their heat emissions and built-in thermal sensors to communicate. It establishes a covert, bi-directional channel by emitting heat from one PC to the other in a controlled manner. Also at Wired.

An anonymous reader writes As announced on Monday, the OpenSSL project team has released new versions of the cryptographic library that fix a number of security issues. The announcement created a panic within the security community, who were dreading the discovery of another Heartbleed-type bug, but as it turns out, the high severity issue fixed is a bug than can be exploited in a DoS attack against servers. Other issues fixed are mostly memory corruption and DoS flaws of moderate and low severity.

An anonymous reader writes: U.S. healthcare provider Premera Blue Cross has suffered a data breach that resulted in a potential compromise of personal, financial and health-related information of as many as 11 million applicants and members. The breach was detected on January 29, 2015, and the investigation mounted by the company and by forensic investigators from Mandiant has revealed that the initial attack happened on May 5, 2014. The FBI has also been notified, and is involved in the investigation."

An anonymous reader writes A new piece of ransomware that (mis)uses the Cryptolocker "brand" has been analyzed by Bromium researchers, and they discovered that aside from the usual assortment of file types that ransomware usually targets, this variant also encrypts file types associated with video games and game related software. It targets files associated with single-user games Call of Duty, Star Craft 2, Diablo, Fallout 3, Minecraft, Half-Life 2, Dragon Age: Origins, The Elder Scrolls and specifically Skyrim-related files, Star Wars: The Knights Of The Old Republic, WarCraft 3, F.E.A.R, Saint Rows 2, Metro 2033, Assassin's Creed, S.T.A.L.K.E.R., Resident Evil 4, Bioshock 2; and online games World of Warcraft, Day Z, League of Legends, World of Tanks, and Metin2. Here's the Bromium Labs report.

An anonymous reader writes: Researchers from IBM's security team have discovered an authentication flaw in the Dropbox Software Development Kit (SDK) for Android that can be exploited to capture new data a user saves to its Dropbox account. The flaw has been extensively documented by the researchers in a blog post, but the things you initially need to know are these: the vulnerability can be exploited if you use an app that uses a Dropbox SDK Version 1.5.4 through 1.6.1 (the latest one is v1.6.3), or if you visit a specially-crafted malicious page with your Android web browser targeting that app, and that's only if you don't have the Dropbox for Android app installed. Also, an attacker can't access the data you have previously stored in your Dropbox account.

An anonymous reader writes: A recently released report (PDF) by the U.S. Government Accountability Office has revealed that despite some improvements, the Federal Aviation Administration (FAA) still needs to quash significant security control weaknesses that threaten the agency's ability to ensure the safe and uninterrupted operation of the national airspace system (NAS). The report found that while the "FAA established policies and procedures for controlling access to NAS systems and for configuring its systems securely, and it implemented firewalls and other boundary protection controls to protect the operational NAS environment [...] a significant number of weaknesses remain in the technical controls—including access controls, change controls, and patch management—that protect the confidentiality, integrity, and availability of its air traffic control systems."

An anonymous reader writes A vulnerability in the update mechanism for the wireless networks operated by GoPro cameras has allowed a security researcher to easily harvest over a 1,000 login credentials (including his own). The popular rugged, wearable cameras can be controlled via an app, but in order to do so the user has to connect to the camera's Wi-Fi network. Israel-based infosec expert Ilya Chernyakov discovered the flaw when he had to access the network of a friend's camera, but the friend forgot the login credentials.

An anonymous reader writes The National Crime Agency's National Cyber Crime Unit worked with law enforcement colleagues in the Netherlands, Italy and Germany, co-ordinated through Europol's European Cybercrime Centre, to shut down command and control servers used by the RAMNIT botnet. Investigators believe that RAMNIT may have infected over three million computers worldwide, with around 33,000 of those being in the UK. It has so far largely been used to attempt to take money from bank accounts.

An anonymous reader writes Whistleblowers and those individuals that are simply out to make a buck out of any confidential and valuable information, can now offer it for sale on Darkleaks, a decentralized, anonymous black market on the Internet. The Darkleaks project is built on top of the Bitcoin blockchain, and can be used by downloading this software package (source code is open).

An anonymous reader writes A new Android Trojan that tricks users into believing they have shut their device down while it continues working, and is able to silently make calls, send messages, take photos and perform many other tasks, has been discovered and analyzed by AVG researchers. They dubbed it, and AVG's security solutions detect it as PowerOffHijack.

An anonymous reader writes A number of Netgear home wireless routers sport a vulnerability that can be misused by unauthenticated attackers [here's the report at seclists.org] to obtain the administrator password, device serial number, WLAN details, and various details regarding clients connected to the device, claims systems/network engineer Peter Adkins. The vulnerability is found in the embedded SOAP service, which is a service that interacts with the Netgear Genie application that allows users to control (change WLAN credentials, SSIDs, parental control settings, etc.) their routers via their smartphones or computers.

An anonymous reader writes "In this month's Patch Tuesday, Microsoft has released nine security bulletins to address 56 unique vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software. Of the nine security bulletins, three are rated Critical in severity, and among these three is one that addresses a years-old design flaw that can be exploited remotely to grant attackers administrator-level privileges to the targeted machine or device. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." Reader jones_supa writes, though, that the most recent patch rollout came with a bug of its own, since corrected: the company apparently botched a rollup update for Visual Studio 2010 Tools for Office Runtime: "There is an issue with KB3001652: many users are reporting that it is locking up their machines while trying to install it. It does not seem that this patch is doing any other damage though, such as bricking the operating system. These days Microsoft appears to be reacting quickly to this kind of news as it looks like the patch has already been pulled from Windows Update."

An anonymous reader writes A new multi-purpose Linux Trojan that opens a backdoor on the target machine and can make it participate in DDoS attacks has been discovered and analyzed by Dr. Web researchers, who believe that the Chinese hacker group ChinaZ might be behind it. "First, Linux.BackDoor.Xnote.1 sends information about the infected system to the server. It then goes into standby mode and awaits further instructions. If the command involves carrying out some task, the backdoor creates a separate process that establishes its own connection to the server through which it gets all the necessary configuration data and sends the results of the executed task," the researchers explained.

An anonymous reader writes Anthem, the second-largest health insurer in the United States, has suffered a data breach that may turn out to be the largest health care breach to date, as the compromised database holds records of some 80 million individuals. Not much is known about how the attack was discovered, how it unfolded and who might be behind it, but the breach has been confirmed by the company's CEO Joseph Swedish in a public statement, in which he says they were the victims of a "very sophisticated external cyber attack." The company has notified the FBI, and has hired Mandiant to evaluate their systems and identify solutions to secure them. Swedish said the breach is extensive: the vulnerable data included "names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data," though "no credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised." (Also covered by Reuters.)

An anonymous reader writes At least one and likely more D-Link routers as well as those of other manufacturers using the same firmware are vulnerable to remote changing of DNS settings and, effectively, traffic hijacking, a Bulgarian security researcher has discovered. Todor Donev, a member of the Ethical Hacker research team, says that the vulnerability is found in the ZynOS firmware of the device, D-Link's DSL-2740R ADSL modem/wireless router. The firmware in question is implemented in many networking equipment manufactured by D-Link, TP-Link Technologies and ZTE.

An anonymous reader writes A recent incident at the White House showed that small aerial vehicles (drones) present a specific security problem. Rahul Sasi, a security engineer at Citrix R&D, created MalDrone, the first backdoor malware for the AR drone ARM Linux system to target Parrot AR Drones, but says it can be modified to target others as well. The malware can be silently installed on a drone, and be used to control the drone remotely and to conduct remote surveillance. Meanwhile, the Chinese company that created the drone that crashed on the White House grounds has announced a software update for its "Phantom" series that will prohibit flight within 25 kilometers of the capital.

An anonymous reader writes Since the three day terror attack that started in France on January 7 with the attack on satirical newspaper Charlie Hebdo, 19,000 websites of French-based companies have been targeted by cyber attackers. This unprecedented avalanche of cyber attacks targeted both government sites and that of big and small businesses. Most were low-level DDoS attacks, and some were web defacements. Several websites in a number of towns in the outskirts of Paris have been hacked and covered with an image of an ISIS flag. The front pages of the official municipality websites have been covered with the Jihadist militant group's black flag. In a report, Radware researchers noted that Islamic hacker group AnonGhost has also launched a "digital jihad" against France.

An anonymous reader writes How to make politicians really understand the dangers of mass digital surveillance and the importance of information security? Gustav Nipe, the 26-year old president of the Swedish Pirate Party's youth wing, tried to do it by setting up an open Wi-Fi network at the Society and Defence National Conference held in Sälen, Sweden, and collecting and analyzing the metadata of conference attendees who connected to it. Nipe set up an open wireless Internet access point named "Open Guest" and over 100 delegates used this particular unsecured Wi-Fi network to go online. The collected metadata showed that, among other sites, they visited those of daily Swedish newspaper Aftonbladet, Swedish private ads website Blocket, eBay, and tourism sites. "This was during the day when I suppose they were being paid to be at the conference working," Nipe noted for The Local.

An anonymous reader writes As vehicles increasingly rely on automation, software and technology enhancements to run basic functionality, those systems serve as a potential safety risk when under cyber attack. Mission Secure uses a proprietary methodology developed by the University of Virginia with the Department of Defense for identifying the most consequential and easy to carry out cyber attacks on any system that a defense capability must address. The goal of the pilot is to demonstrate how to identify vehicle safety threats malicious cyber attackers could use to easily compromise the vehicle's key control systems and how these attacks could be detected and protected.

An anonymous reader writes: This article argues that organizations need to move beyond focusing purely on the prevention of security incidents, and start to concentrate on what they will do when an incident occurs. IT security "fire drills," supported by executive management should be conducted regularly in organizations, in order to understand the appropriate course of action in advance of a security breach. This includes recovering evidence, identifying and resolving the root cause of the incident (not just the symptoms), and undertaking a forensic investigation.

An anonymous reader writes Tens of millions of dollars, credit cards and intellectual property was stolen by a new group of cyber criminals. Group-IB and Fox-IT, in a joint research effort, have released a report about the Anunak hackers group (PDF). This group has been involved in targeted attacks and espionage since 2013. Anunak targets banks and payment systems in Russia and CIS countries. In Europe, the U.S., and Latin America, criminals were mainly focusing on retail networks as well as mass media resources. Anunak is unique in that it aims to target banks and e-payment systems. The goal is to get into bank networks and gain access to secured payment systems. As a result, the money is stolen not from the customers, but from the bank itself. If they manage to infect governmental networks, they use the infrastructure for espionage.

An anonymous reader writes: Analyzing more than 2,000 Stuxnet files collected over a two-year period, Kaspersky Lab can identify the first victims of the Stuxnet worm. Initially security researchers had no doubt that the whole attack had a targeted nature. The code of the Stuxnet worm looked professional and exclusive; there was evidence that extremely expensive zero-day vulnerabilities were used. However, it wasn't yet known what kind of organizations were attacked first and how the malware ultimately made it right through to the uranium enrichment centrifuges in the particular top secret facilities. Kaspersky Lab analysis sheds light on these questions.

An anonymous reader writes Kaspersky Lab researched the Darkhotel espionage campaign, which has lurked in the shadows for at least four years while stealing sensitive data from selected corporate executives traveling abroad. Darkhotel hits its targets while they are staying in luxury hotels. The crew never goes after the same target twice; they operate with surgical precision, obtaining all the valuable data they can from the first contact, deleting traces of their work and fading into the background to await the next high profile target. The most recent traveling targets include top executives from the USA and Asia doing business and investing in the APAC region: CEOs, senior vice presidents, sales and marketing directors and top R&D staff. This threat actor is still active.

An anonymous reader writes: Microsoft is warning users about a new Windows zero-day vulnerability that is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects. The vulnerability is currently being exploited via PowerPoint files. These specially crafted files contain a malicious OLE (Object Linking and Embedding) object. This is not the first time a vulnerability in OLE has been exploited by cybercriminals, however most previous OLE vulnerabilities have been limited to specific older versions of the Windows operating system. What makes this vulnerability dangerous is that it affects the latest fully patched versions of Windows.

An anonymous reader writes "Researchers have found a way to deliver a malicious app to Android users by hiding it into what seems to be an encrypted image file, which is then delivered via a legitimate, seemingly innocuous wrapper app. Fortinet malware researcher Axelle Apvrille and reverse engineer Ange Albertini created a custom tool they dubbed AngeCryption, which allows them to encrypt the payload Android application package (APK) and make it look like an image (PNG, JPG) file . They also had to create another APK that carries the "booby-trapped" image file and which can decrypt it to unveil the malicious APK file and install it. A malicious app thusly encrypted is nearly invisible to reverse engineers, and possibly even to AV solutions and Google's Android Bouncer." (Here's the original paper, from researchers Axelle Apvrille and Ange Albertini.)

An anonymous reader writes Dropbox has denied that they have been hacked, and that the login credentials leaked by an unknown individual on Pastebin are those of Dropbox users. "Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox," Anton Mityagin from the Dropbox security department noted in a post.

An anonymous reader writes: Kaspersky Lab performed a forensic investigation into cybercriminal attacks targeting multiple ATMs around the world. During the course of this investigation, researchers discovered the Tyupkin malware used to infect ATMs and allow attackers to remove money via direct manipulation, stealing millions of dollars. The criminals work in two stages. First, they gain physical access to the ATMs and insert a bootable CD to install the Tyupkin malware. After they reboot the system, the infected ATM is now under their control and the malware runs in an infinite loop waiting for a command. To make the scam harder to spot, the Tyupkin malware only accepts commands at specific times on Sunday and Monday nights. During those hours, the attackers are able to steal money from the infected machine.