Domain: paloaltonetworks.com
Stories and comments across the archive that link to paloaltonetworks.com.
Stories · 13
New Mirai Malware Variant Targets Signage TVs and Presentation Systems (zdnet.com)
An anonymous reader quotes a report from ZDNet: Security researchers have spotted a new variant of the Mirai IoT malware in the wild targeting two new classes of devices -- smart signage TVs and wireless presentation systems. This new strain is being used by a new IoT botnet that security researchers from Palo Alto Networks spotted earlier this year. The botnet's author(s) appears to have invested quite a lot of their time in upgrading older versions of the Mirai malware with new exploits. Palo Alto Networks researchers say this new Mirai botnet uses 27 exploits, 11 of which are new to Mirai altogether, to break into smart IoT devices and networking equipment. Furthermore, the botnet operator has also expanded Mirai's built-in list of default credentials, which the malware uses to break into devices that use default passwords. Four new username and password combos have been added to Mirai's considerable list of default creds, researchers said in a report published earlier today.
The purpose and modus operandi of this new Mirai botnet are the same as all the previous botnets. Infected devices scan the internet for other IoT devices with exposed Telnet ports and use the default credentials (from their internal lists) to break in and take over these new devices. The infected bots also scan the internet for specific device types and then attempt to use one of the 27 exploits to take over unpatched systems. The new Mirai botnet is specifically targeting LG Supersign signage TVs and WePresent WiPG-1000 wireless presentation systems.
Data-Wiping Malware Destroys Data At Italian and UAE Oil and Gas Companies (zdnet.com)
An anonymous reader writes: A new variant of the Shamoon malware was discovered on the network of an Italian and UAE oil and gas company. While the damage at the UAE firm is currently unknown, the malware has been confirmed to have destroyed files on about ten percent of the Italian company's PC fleet. Shamoon is one of the most dangerous strains of malware known to date. It was first deployed in two separate incidents that targeted the infrastructure of Saudi Aramco, Saudi Arabia's largest oil producer, in 2012 and 2016. During those incidents, the malware wiped files and replaced them with propaganda images (burning U.S. flag and body of Alan Kurdi). The 2012 attack was devastating in particular, with Shamoon wiping data on over 30,000 computers, crippling the company's activity for weeks. Historically, the malware has been tied to the Iranian regime, but it's unclear if Iranian hackers were behind these latest attacks. This new Shamoon version was revealed to the world when an Italian engineer uploaded the malware on VirusTotal, triggering detections at all major cyber-security firms across the globe.
Researchers Find iOS Malware That Infects Non-Jailbroken Devices (paloaltonetworks.com)
An anonymous reader writes: Researchers at Palo Alto Networks are reporting about a new iOS malware that could infect non-jailbroken devices without a user's consent. Dubbed "AceDeceiver," the iOS malware exploits a flaw in Apple's DRM software. The researchers claim that the iOS malware could technically infect any type of iOS device, provided a user downloads a third-party app. From the blog post on Palo Alto Networks' website, "AceDeceiver is the first iOS malware we've seen that abuses certain design flaws in Apple's DRM protection mechanism -- namely FairPlay -- to install malicious apps on iOS devices regardless of whether they are jailbroken. This technique is called "FairPlay Man-In-The-Middle (MITM)" and has been used since 2013 to spread pirated iOS apps, but this is the first time we've seen it used to spread malware." The aforementioned malware required users to download a compromised Windows application. Apple has removed three offending apps from the App Store, and it appears that only users in China were targeted.
Docs With Malicious Macros Deliver Fileless Malware (csoonline.com)
itwbennett writes: Researchers from Palo Alto Networks warn that attackers are using Word documents with malicious macros and PowerShell to infect computers with fileless malware. The rogue PowerShell script performs a variety of checks on the computer aimed at finding systems that are used to conduct financial transactions and to avoid systems that belong to security researchers as well as medical and educational institutions. "Due to the target-specific details contained within the spam emails and the use of memory-resident malware, this particular campaign should be treated as a high threat," the Palo Alto researchers said in a blog post. A similar combination of PowerShell and fileless malware was observed last week by researchers from the SANS Institute's Internet Storm Center.
Keylogger Authors Manage To Infect Themselves 16 Different Times
An anonymous reader writes: Last summer someone created and dumped the source code of a keylogger called KeyBase. Since then, hackers have been churning out their own versions, but as you'd expect, skids would play with it too. Palo Alto researchers found the (unprotected) Web panels of some of these keyloggers, and discovered screenshots of the hackers' computers. Some of them even had dating pics.
Malware Targets Skype Users, Records Conversations (softpedia.com)
An anonymous reader writes: A new backdoor trojan is making the rounds, coming equipped with features that allow it to steal files, take screengrabs, and record Skype conversations. Currently detected targeting US organizations, it has been linked by researchers to previous malware developed by a Chinese cyber-espionage group called Admin@338. Besides recording Skype conversations, the malware can also steal Office documents, and includes a complicated installation procedure that allows it to avoid antivirus software installed on the machine.
Survey: Average Successful Hack Nets Less Than $15,000 (csoonline.com)
itwbennett writes: According to a Ponemon Institute survey, hackers make less than $15,000 per successful attack and net, on average, less than $29,000 a year. The average attacker conducts eight attacks per year, of which less than half are successful. Among the findings that will be of particular interest to defenders: Hackers prefer easy targets and will call off an attack if it is taking too long. According to the survey, 13 percent quit after a delay of five hours. A delay of 10 hours causes 24 percent to quit, a delay of 20 hours causes 36 to quit, and a majority of 60 percent will give up if an attack takes 40 additional hours. 'If you can delay them by two days, you can deter 60 percent of attacks,' said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study.
ProxyBack Malware Turns Infected Computers into Internet Proxies (softpedia.com)
An anonymous reader writes: A new malware family called ProxyBack infects PCs and transforms them into a Web proxy. ProxyBack malware works by infecting a PC, establishing a connection with a proxy server controlled by the attackers, from where it receives instructions, and later the traffic it needs to route to actual Web servers. Each machine infected with ProxyBack works as a bot inside a larger network controlled by the attackers, who send commands and update instructions via simple HTTP requests. Some of the people infected with this malware mysteriously found their IP listed on the buyproxy.ru Web proxy service. A technical write-up of the infection steps and various malware commands is available on the Palo Alto Networks blog.
Hackers Get Lazy, Build Trojan On Top of Android Rooting Utility (softpedia.com)
An anonymous reader writes: Instead of creating their own exploits, some lazy Chinese hackers took the Root Assistant Android rooting toolkit and remodeled it into a trojan, which they packed inside copies of legitimate apps (distributed via unofficial app stores). Until now, only seven apps were repackaged, and only 600 users infected. A weird thing: there's an XML file in the trojan that prevents it from infecting Chinese users.
Advertising Malware Affects Non-Jailbroken iOS Devices
An anonymous reader writes: Malware called YiSpecter is infecting iOS devices belonging to Chinese and Taiwanese users, and is the first piece of malware that successfully targets both jailbroken and non-jailbroken devices, Palo Alto Networks researchers warn. What's more, the techniques it uses for hiding are making it difficult to squash the infection. YiSpecter's malicious apps were signed with three iOS enterprise certificates issued by Apple so that they can be installed as enterprise apps on non-jailbroken iOS devices via in-house distribution. Through this kind of distribution, an iOS app can bypass Apple's strict code review procedures and can invoke iOS private APIs to perform sensitive operations.
Apple XcodeGhost Malware More Malicious Than Originally Reported
An anonymous reader writes: Details were scant when Apple confirmed the XcodeGhost malware had infiltrated the iOS App Store. The company didn't say which specific iOS vulnerabilities were exposed and didn't indicate how its iPhone users were affected. However, a Palo Alto Networks security analyst is reporting that XcodeGhost had been used to phish for iCloud passwords, and more specific details are emerging. According to the Networkworld article: "URLs can be sent to the iOS device and opened. This isn't limited to HTTP and FTP URLs, but includes local URLs, such as itunes:// and twitter://, that iOS can use for inter-app communications. For example, this could be used to force automatic phone calls to premium phone numbers, which can charge up to $1 per minute in some cases. Some iOS password manager apps use the system clipboard to paste passwords into the login dialog. As another example, the XcodeGhost malware can read and write data in the user's clipboard, which would allow it to snatch a password."
Over 225,000 Apple Accounts Compromised Via iOS Malware
An anonymous reader writes: Researchers from Palo Alto Networks and WeipTech have unearthed a scheme that resulted in the largest known Apple account theft caused by malware. All in all, some 225,000 valid Apple accounts have been compromised. The theft is executed via variants of the KeyRaider iOS malware, which targets jailbroken iOS devices. Most of the victims are Chinese — the malware is distributed through third-party Cydia repositories in China — but users in other countries have also been affected (European countries, the U.S., Australia, South Korea, and so on). "The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device," Palo Alto researcher Claud Xiao explained. "KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads."