Hackers are Selling Backdoors into Windows PCs for just $10

If you use Windows, you want to know about this problem that apparently has been around for some time. Cyber criminals are offering remote access to IT systems for just $10 via a dark web hacking store — potentially enabling attackers to steal information, disrupt systems, deploy ransomware and more. Some of the products sold for $10 allow access to tens of thousands of compromised systems.

Systems advertised for sale on the forum range from Windows XP through to Windows 10, with access to Windows 2008 and 2012 Server most common.

Details may be found in an article by Danny Palmer in the ZDNet web site at: https://tinyurl.com/y7xuxp8d.

If You are Using the Stylish Web Browser Extension, Your Private Information is being Collected and Used for Unknown Purposes

Google and Mozilla have ejected the popular Stylish extension from their respective catalogs following a complaint that it collects data about website visits in a way that could be used to identify users.

Software engineer Robert Heaton first identified the security issue and warned, “the Stylish browser extension steals all your internet history” and collects enough information to identify individuals from historical web usage.

Details may be found in an article by Liam Tung in the ZDNet web site at: https://zd.net/2KMinYI.

Every Android Device Launched Since 2012 may be Impacted by a RAMpage Vulnerability

Do you have an Android cell phone, tablet, walkie-talkie, or other mobile device? Assuming it was introduced in 2012 or later, it contains a major security bug. The vulnerability, tracked as CVE-2018-9442, is a variation of the Rowhammer attack, a hardware bug in modern memory cards.

While the problem is significant, there is no evidence that hackers have ever used it for malicious purposes. Security researchers found the weakness and developed test software to prove that it is a problem. A team of eight academics from three universities and two private companies revealed a new Rowhammer-like attack on Android devices named RAMpage. However, the academics do not know of any Rowhammer attacks in the wild.

The research team also believes RAMpage may affect Apple devices, home computers, or even cloud servers.

You can read more in an article by Catalin Cimpanu in the Bleeping Computer web site at: https://tinyurl.com/y8e7n9k2.

Free Decryption Tool Released for Destructive File-Locking Thanatos Ransomware

Victims of a destructive form of ransomware, which fails to unlock files even if the ransom is paid, can now retrieve their files for free with a new file decryptor released by security researchers.

Thanatos ransomware first started targeting Windows systems in February and multiple versions of it have been released in the months since, indicating that those behind it remain an active threat.

Details may be found in an article by Danny Palmer in the ZDNet web site at https://tinyurl.com/yarbcmhg.

This new Windows Malware wants to Add your PC to a Botnet – or Worse

If you use Windows, you need to read an article by Danny Palmer in the ZDNet web site at https://zd.net/2yslXCr. It says:

A new malware campaign is roping systems into a botnet and providing the attackers with complete control over infected victims, plus the ability to deliver additional payloads, putting the victims’ devices at risk of Trojans, keyloggers, DDoS attacks and other malicious schemes.

The malware comes equipped with three different layers of evasion techniques which have been described by the researchers at Deep Instinct who uncovered the malware as complex, rare and “never seen in the wild before”.

Again, the full article is available at: https://zd.net/2yslXCr.

Skygofree: a Not-So-New Malware that Infects Android Devices

Skygofree apparently has been around for a while but was a minor problem until recently. Now it is infecting more and more Android cell phones and tablet computers. The malware (malevolent software) has the ability to grab call records, text messages, geolocation, surrounding audio, calendar events, and other memory information stored on the device.

After manual launch, it shows a fake welcome notification to the user:

Dear Customer, we’re updating your configuration and it will be ready as soon as possible.

Then it steals your information and sends it to a server in an overseas location.

You can read the details in the SecureList web site at: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/

Nokia Security Report for 2017

Are you concerned about malware (malevolent software), such as viruses, keyloggers, and trojan horse programs? If so, you might want to read a new report from Nokia.

The Nokia Threat Intelligence Report examines malware infections found in mobile and fixed networks worldwide. It provides analysis of data gathered from more than 100 million devices by the Nokia NetGuard Endpoint Security solution. The new report details key security incidents and trends from the first three quarters of 2017. Amongst the findings:

  • Devices using the Android operating system were the most likely to be infected this year, according to Nokia research.
  • Android was the #1 target for malware: about 1% of all Android devices will be infected, an increase from 2016. This means 0.94% of all Android devices were infected, slightly above Google’s 2016 Q4 estimate of 0.71%.
  • Out of all infected devices, 68.50% were Androids, 27.96% ran on Windows, and 3.54% used iOS.
