Wednesday, 5 July 2017

Developer Medoc Confirms Backdoor In Update



The Ukrainian software company that develops the tax and accounting program Medoc has confirmed that attackers added malicious code to an update, allowing the Petya ransomware to be installed. Initially the company denied that attackers had used its software to install the Petya ransomware. On Facebook, the company has now confirmed that it was the victim of a hack.

Previously, researchers at antivirus company ESET discovered that attackers had added a backdoor to an update for Medoc that was released on June 22. The software company announced that it has developed an update that should fix the problem. The software's servers have been seized by the police, however, so the update that addresses the issues and should prevent new attacks cannot yet be rolled out. The Ukrainian police advise on Facebook to temporarily not use Medoc and to disconnect computers on which it is installed from the network.

Test: Ten Virus Scanners For MacOS Tested



German test lab AV-Test has put a new virus scanner test online, this time looking at anti-virus software for MacOS. The amount of new malware for MacOS is not comparable to that for Windows. However, an increase was visible last year, from 819 new specimens in 2015 to 3033 in 2016.

Most MacOS infections still occur through social engineering, in which users are tricked into installing malware, although some cases are known where attackers managed to add malware to legitimate programs. That little malware for MacOS is in circulation is evident from the number of malware specimens AV-Test used for the test. On Windows the lab works with tens of thousands of malware specimens. For the test with Mac malware, 184 specimens were used.

Four products (Bitdefender, Intego, Symantec and Kaspersky Lab) were able to detect all malware specimens. MacKeeper ends at the bottom with a score of 85.9 percent. Besides detection, the system load when copying files was also examined. Here Canimaan Software and MacKeeper put down the best performance, followed by Kaspersky Lab and Symantec with a difference of one second. Intego slows systems down the most. Finally, the false positives were examined, in which a virus scanner considers legitimate, clean files to be infected. In this part of the test no virus scanner made an error.

Attackers Behind Petya-Ransomware Emptying Bitcoin Wallet


The attackers behind the Petya ransomware have transferred the 9,000 euros paid by victims to another bitcoin wallet. Aleks Gostev, chief security expert at anti-virus firm Kaspersky Lab, reports this on Twitter. The ransomware, which infected several organizations last Tuesday, showed users a screen instructing them to transfer about $300 to the specified bitcoin wallet.

Unlike with many other ransomware, the same bitcoin wallet was used for all victims. Last night the attackers decided to move the 9,000 euros that victims had paid to another wallet. In addition, a message appeared on Pastebin asking 100 bitcoin (225,000 euros) for the decryption key to decrypt all systems infected by Petya.

However, it is unclear whether the persons who posted the Pastebin message are also behind the Petya ransomware. According to researcher Matt Suiche, the attackers are trying to confuse the public by turning the story that Petya is actually a data wiper back into a story about ransomware, he told Vice Magazine.

Cyber Security Council Wants More Companies To Be Notified Of Cyber Attack


The Cyber Security Council, the Cabinet's advisory body on cyber security, wants more companies to be notified of a cyber attack, rather than just the vital sectors. According to Ron Moss, a member of the Council, the damage from the Petya attack could have been smaller if companies such as APM Terminals and parcel delivery company TNT had been warned beforehand, he told BNR.

In the case of the Petya ransomware, however, there were no signs or information that the attack would take place, and the news only became known once the outbreak had occurred. "If the attacks take place, then the damage is already done; then there is not much point in informing," said Ronald Prins of security firm Fox-IT. He points to the outbreak of the WannaCry ransomware, which spread very rapidly. "And so there was no warning possible."

D66 MP Kees Verhoeven endorses the opinion of the Cyber Security Council and wants the government to implement it. "A National Computer Emergency Response Team could be considered. A team in which companies can exchange knowledge and information about cyber attacks." According to Verhoeven, companies should on the one hand be informed about attacks and malware, but on the other hand must be structurally better prepared. "This is largely the responsibility of the companies themselves, but the government can play a supporting role. We have the National Cyber Security Center. The infrastructure to do it is there, but apparently it does not work yet."

Update


The opinion of the Cyber Security Council has now been published online (pdf). It calls for a nationwide system of information centers for information exchange covering all Dutch businesses. In addition, suppliers of internet products and services must take an active stance when it comes to offering safe products, and reporting cybercrime to the police must become simpler.

Fourth Largest South Korean Bitcoin Stock Exchange Bithumb Hacked



Attackers have hacked the fourth largest South Korean bitcoin exchange, Bithumb, and stolen users' data and money. Bithumb is one of the largest exchanges where the digital currencies bitcoin and ethereum are traded. The attackers were able to access the personal information of nearly 32,000 Bithumb users, including names, mobile phone numbers and email addresses, Brave New Coin reports.

According to the exchange, this is about three percent of its customers. Customers report that the equivalent of millions of euros in digital currency was stolen, but Bithumb states that the attackers had no direct access to client funds. According to the exchange, the attackers managed to get in through the computer of an employee. The attackers then reportedly used the stolen personal information to call customers and steal additional information with which transactions could be carried out.

Bithumb discovered the data breach on June 29 and alerted the authorities on June 30. More than 100 Bithumb users have filed a report with the South Korean police. The exchange said it will pay victims of the data breach compensation equivalent to 76 euros. Users who have suffered further damages will be compensated as soon as the amount is confirmed, South Korean media report.

Friday, 21 April 2017

Cybercriminals Use NSA Exploits To Attack Servers


Cyber criminals are currently actively using the NSA exploits that were made public last week by the hacker group Shadow Brokers to install backdoors on servers and possibly to spread ransomware, several security researchers report.

For example, the DoublePulsar tool has been found on various servers. The NSA would reportedly use this tool after it had gained access to a server through an exploit. In addition, security firm SenseCy reports that there is currently a "trend" in which the leaked NSA exploits are used to infect Windows Servers with ransomware. The attackers are reportedly making use of a vulnerability in Windows SMB Server that Microsoft patched in March.

Further details about these ransomware attacks are not given, however. Earlier, researcher Kevin Beaumont predicted that the NSA exploits would be used for a ransomware worm. "It's the next logical step for worms and criminals, because it yields money and is easy to do," says the researcher. Beaumont also says that known exploits are currently being used to provide servers with a backdoor.