Security researchers at Skylight Cyber have discovered a way to bypass a machine learning algorithm from Cylance by inserting code from a benign file that has previously been marked as safe. The algorithm is weighted to automatically trust this code, so it will mark files containing it as safe, even if they contain malware or have been identified as malicious in the past. Expert Comments: Gregory Webb, CEO at Bromium: “This really draws into question the whole concept of categorising code as ‘good or bad’, as researchers were able to just rebadge malware with strings from an online video game to trick the system into thinking…
ISBuzz Team
Attackers have created a fake Office 365 site that is distributing the TrickBot password-stealing Trojan disguised as Chrome and Firefox browser updates. In BleepingComputer’s testing, this fake Office 365 site, found by MalwareHunterTeam, looks like any site that would normally belong to Microsoft. In fact, all of its links point to pages hosted on Microsoft domains. Expert Comments: Corin Imai, Senior Security Advisor at DomainTools: “This Office 365 scam is worrying for a number of reasons. Firstly, the widespread use of Office 365 as an enterprise tool means this scam casts an incredibly wide net. Secondly, the sophistication of the fake Microsoft webpage, which is so convincing it is likely…
It has been reported that tech giant Microsoft says it has detected more than 740 infiltration attempts by nation-state actors in the past year targeting U.S.-based political parties, campaigns and other democracy-focused organisations including think tanks and other nonprofits. Microsoft did not say how many infiltration attempts were successful but noted in a blog post Wednesday that such targeting similarly occurred in the early stages of the 2016 and 2018 elections. https://twitter.com/gigalaw/status/1151933469838204928 Expert Comments: Edgard Capdevielle, CEO at Nozomi Networks: “The news that in the past year Microsoft has detected more than 740 infiltration attempts by nation-state actors against US-based political parties, campaigns and other democracy-focused organisations is…
Researchers have discovered financial data, personally identifiable information (PII), and real-time location of millions of Chinese users have been leaked by an open Elastic cluster hosted on infrastructure owned by Aliyun Computing Co (also known as Alibaba Cloud). The highly sensitive information was added to the publicly-accessible database by over 100 mobile loan-related apps used by Chinese people when applying for loans. The leaked database (over 899GB) was open and growing for at least two weeks before being shut down. Chinese citizens who have used one of these apps have had their data put at risk, with the amounts borrowed shared. Other private data at…
According to this link, https://thehackernews.com/2019/07/linux-gnome-spyware.html, security researchers have discovered a rare piece of Linux spyware that is currently fully undetected across all major antivirus security software products and includes functionality rarely seen in Linux malware. Designed to take desktop screenshots, steal files, capture audio recordings from the user’s microphone, and download and execute further second-stage malicious modules, the EvilGnome malware masquerades as a legitimate GNOME extension, a program that lets Linux users extend the functionality of their desktops. The Linux implant also gains persistence on a targeted system using crontab, similar to the Windows Task Scheduler, and sends stolen…
Surrounding the current spotlight on the new FaceApp age challenge, Kaspersky has revealed a fake application that pretends to be FaceApp. This app infects the victims’ devices with an adware module called MobiDash. https://twitter.com/msnph/status/1152141778402738177 Expert Comments: Igor Golovin, Security Researcher at Kaspersky: “Kaspersky has identified a fake application that is designed to trick users into thinking it is a certified version of FaceApp but goes on to infect victims’ devices with an adware module called MobiDash. Once the application is downloaded from unofficial sources and installed, it simulates a failure and is subsequently removed. After that, a malicious module in the application rests discreetly on the user’s…
ESET researchers have discovered fraudulent schemes piggybacking on the popularity of the face-modifying tool FaceApp, using a fake “Pro” version of the application as a lure. The latest hype around the FaceApp application has attracted scammers who want to make a quick profit. The FaceApp application, which offers various face-modifying filters, is available for both Android and iOS. While the app itself is free, some features, marked as “PRO”, are paid. Recent concerns about FaceApp privacy issues have generated a huge wave of media attention. Scammers have been trying, to various ends, to exploit this wave of interest, using a fake “Pro” – yet free – version of…
Cyber attacks are inevitable, but it is how an organisation deals with them that can make or break its business. Does it have all the answers, and does it fully understand the implications? Can it be sure the attack will not happen again? Swift and comprehensive incident response is a critical step in ensuring the future security of a business and protecting its reputation. It is not enough to be aware that an attack is taking (or has taken) place. There are four key questions organisations need to be able to answer following a cyber security breach – if a single answer is missing, the security team won’t…
Following the news that a new phishing scam is targeting American Express users with a message full of grammatical errors but which used a base HTML element to hide the malicious URL from antispam solutions, Corin Imai, senior security advisor at DomainTools commented below. Corin Imai, Senior Security Advisor at DomainTools: “Users should remember that when an email creates a sense of urgency, that is already in itself a sufficient reason to look at all the details more closely. As a general rule, users should always type the website URL in the address bar rather than clicking on a link – no…
Mobile threat researchers at Avast have detected seven apps on the Google Play Store that were all likely designed by a Russian developer to allow people to stalk employees, romantic partners, or kids. Avast detected and reported four of the apps to Google yesterday, and Google removed them from the Play Store. Today, the researchers detected the fifth, sixth, and seventh apps, called “Spy Tracker”, “Employee Work Spy” and “SMS Tracker”, and also reported these to Google. Altogether, these apps have been installed more than 130,000 times, with the most installed apps being Spy Tracker and SMS Tracker, both…
