Top News

Today we will replicate a technique used by Hammertoss, a recent, sophisticated and hard-to-trace Russian malware.

Newly disclosed documents show that the NSA had found a way to continue spying on American citizens' email traffic from overseas.

Dell shipped systems with the eDellRoot certificate's public and private key.

Over the last few days, the group responsible for extortion attempts and death threats against Ashley Madison users has turned to a new set of targets – Patreon users.

Zerodium, a zero-day broker, has published a price list for various classes of software targets and digital intrusion methods.

The developers of the Dyre banking Trojan have released a new version of the malware that includes support for Windows 10 and Microsoft Edge.
The security firms Heimdal Security and F5 Networks have uncovered a new version of the Dyre (Dyreza) banking Trojan that includes support for Windows 10 and Microsoft Edge.

The new variant of Dyre now also targets Chrome, Firefox and Internet Explorer, and it is able to hook its code into the process of Microsoft Edge.

According to Heimdal Security, more than 80,000 machines worldwide are already infected with the Dyre Trojan.

The experts at F5 who analyzed the new Dyre Trojan discovered that the authors have renamed some of the existing commands and added new functionality.

Below is the list of new commands added to the new variant of the malware:

  • 0xF1"lli" – Get the botid name
  • srvv – Get the C&C IP
  • dpsr – Get the data POST server IP
  • grop – Get the botnet name
  • seli – Get the self-IP
  • gcrc – Get the fake pages configuration
  • gcrp – Get the server-side webinjects configuration
  • pngd – Get the account information stolen by the pony module
  • sexe – Among other jobs, it copies the droppee path and its content both to Dyre's special structure and the configuration file on disk. It also tries to get the anti-antivirus module from the C&C.
  • gsxe – Get the droppee path

The new commands are used to get the IP of the command and control (C&C) server, the botnet name, configuration for fake pages, configuration for server-side webinjects, account information stolen by the Pony module, and an anti-antivirus module.

Dyre includes a module specifically designed to locate security products installed on the infected machine and disable them; this module is named "aa32" on 32-bit versions of Windows and "aa64" on 64-bit versions. The module is injected into the "spoolsv.exe" process and is able to neutralize the main antivirus software, including solutions from Avira, AVG, Malwarebytes, Fortinet and Trend Micro, as well as the Windows Defender service.

To make the malware more difficult to analyze, the authors of the latest version have encrypted the hardcoded debug strings and only decrypt them at runtime.

Previous versions of Dyre gained persistence through a Run key in the registry, but the latest one uses a scheduled task that runs every minute.

"We conclude from the addition of these features that the authors of the malware strive to improve their resilience against anti-viruses, even at the cost of being more conspicuous," reads the blog post published by F5. "They also wish to keep the malware up-to-date with current OS releases in order to be 'compatible' with as many victims as possible. There is little doubt that the frequent updating will continue, as the wicked require very little rest."

Experts believe that the new variant of Dyre is spreading in the wild to monetize the coming holiday season.

"The timing of this new strain is just right: the season for Thanksgiving, Black Friday and Christmas shopping is ready to start, so financial malware will be set to collect a huge amount of financial data. Users will be busy, prone to multitasking and likely to choose convenience over safety online," Heimdal Security noted.

"Want to keep using the pacemaker? Pay us 2 bitcoins." Experts fear that ransomware will start targeting medical devices.
Technology plays a huge role in our lives and we depend on it more and more, from our smartwatches to our medical devices. Unfortunately, we usually forget that medical devices, the ones that help save lives, are also technological devices that can be affected by the same security issues as a normal PC, and that hackers can exploit these vulnerabilities.

A report released by Forrester a few days ago predicts that in 2016 we will start seeing ransomware take advantage of medical devices.

Now imagine a patient with a pacemaker suddenly receiving a message on his phone saying "Want to keep using the pacemaker? Pay us 2 bitcoins." It may sound bizarre, but it is probably something that may happen in the near future.

It is a bold prediction from the "Predictions 2016: Cybersecurity Swings To Prevention" report, but honestly it is something that has already crossed our minds.

"It's definitely feasible from a technical standpoint," explained Billy Rios, a popular hacker and medical device security researcher. "[I] see it as something that could happen next year. All that would be required from an attacker standpoint is small modifications to the malware to make it work."

We could argue that it is not right to profit from situations like this, but many crooks just don't care.

The ICS-ALERT-13-164-01 advisory from 2013, based on the work of Rios and Terry McCorkle, showed that 300 medical devices were using hard-coded passwords that are set at the factory and cannot be disabled or changed; these passwords are listed in the manufacturer's manual.

The truth is, cyber security has existed for perhaps the last 15-25 years, but it is something new to the medical industry, and as Joshua Corman, founder of I Am the Cavalry, says:

"While we've been doing this for 15-25 years in cyber, this is year zero or one for them [the healthcare industry]. We can't give them 15-25 years to catch up, although it's not reasonable to get there overnight.... We're trying to approach this with teamwork and ambassador skill, not a pointing finger, but a helping hand."

Ransomware is a huge business; the major security vendors have been saying that 2015 saw a huge increase in ransomware use and profit, and it is set to grow even more with the IoT and all the devices connected to the internet.

Months ago on SecurityAffairs we talked about a list developed by I Am The Cavalry to mitigate threats to cars, and now they are planning the same type of list for medical devices.

There are many challenges ahead when dealing with medical devices, but we are starting to see many people worried about them, so I believe many security researchers will focus their attention on this area; for this we also need the support of the medical device manufacturers.

EMC and Hartford Hospital have agreed to pay US$90,000 to Connecticut in connection with the loss in 2012 of an unencrypted laptop containing patient information of 8,883 residents of the state, according to the state's attorney general.

Healthcare has become a favorite target for criminals, and some medical organizations are reacting by looking at outside providers to keep their data secure. But jumping to the cloud without first taking some precautions can be a mistake, experts say.

A survey of major industries reveals health care organizations are below average in secure coding.

Companies in the healthcare sector are three times more likely to encounter data theft than the average firm, according to a report released this morning.

Cyber attacks against healthcare systems are likely to increase and students investigated the feasibility of breaching a medical training mannequin.
Security experts are warning the medical industry about the hacking of any medical equipment implanted in the human body such as pacemaker and insulin pump.

As more and more devices become tied into the Internet each day, the security threat will continue to expand.

The survey polled more than 5500 IT specialists from over 25 countries.

Applications written for iOS devices have more vulnerabilities than those written for Androids, and this has the potential for security problems in the future as attackers move to application-based threat vectors.

Now that it is known that a critical flaw in the Diffie-Hellman key-exchange protocol was exploited by the NSA to break internet encryption, how can it be stopped?

Serious flaws in the Network Time Protocol can be exploited to cause severe outages, eavesdrop on encrypted communications and bypass authentication processes.

A relentless focus on gaps in security negatively impacts our performance and degrades our influence. It's time for a change in approach.
How many gaps are you addressing in your environment?

American Express appears to have used a weak algorithm to generate new card numbers.

ModPOS is new POS malware discovered in the systems of US retailers after the Thanksgiving rush; experts speculate it is the most complex POS malware ever seen.

The biggest financial institutions in the U.S. are under renewed pressure to mandate the use of PINs with new chip-based payment cards.

Researchers at Trustwave have published the analysis of the Cherry Picker threat, a point-of-sale (PoS) malware that went undetected over the years.

Central Shop is a web portal dedicated to the sale of stolen credit card data that has captured the attention of experts due to its amazing interface.

A security researcher at the Vulnerability Lab discovered that ATMs at the German savings bank Sparkasse can leak sensitive info during software updates.

Tools & Methodologies

A new security audit of the TrueCrypt software confirmed that, even though it is plagued by some vulnerabilities, the application is effective when it comes to protecting data.

The Information Technology Industry Council (ITIC) on Thursday objected to weakening encryption used on smartphones, even as some officials in Washington favor doing so.
