FireEye Releases Tool For Auditing Networks for Techniques Used by SolarWinds Hackers

Cybersecurity firm FireEye has released today a report detailing the techniques used by the SolarWinds hackers inside the networks of companies they breached. From a report: Together with the report, FireEye researchers have also released a free tool on GitHub named Azure AD Investigator that they say can help companies determine if the SolarWinds hackers (also known as UNC2452) used any…

MacOS Malware Used Run-Only AppleScripts To Avoid Detection For Five Years

An anonymous reader quotes a report from ZDNet: For more than five years, macOS users have been the targets of a sneaky malware operation that used a clever trick to avoid detection and hijacked the hardware resources of infected users to mine cryptocurrency behind their backs. Named OSAMiner, the malware has been distributed in the wild since at least 2015 disguised…

German Investigators Shut Down Biggest Illegal Marketplace On the Darknet

An anonymous reader quotes a report from The Associated Press: German prosecutors said Tuesday that they have taken down what they believe was the biggest illegal marketplace on the darknet and arrested its suspected operator. The site, known as DarkMarket, was shut down on Monday, prosecutors in the southwestern city of Koblenz said. All sorts of drugs, forged money, stolen or…

Intel Unveils New Core H-Series Laptop and 11th Gen Desktop Processors At CES 2021

MojoKid writes: At its virtual CES 2021 event today, Intel’s EVP Gregory Bryant unveiled an array of new processors and technologies targeting virtually every market, from affordable Chromebooks to enthusiast-class gaming laptops and high-end desktops. Intel’s 11th Gen Core vPro platform was announced, featuring new Intel Hardware Shield AI-enabled threat ransomware and crypto-mining malware detection technology. In addition, the Intel Rocket…

After the Riot, the US Capitol’s IT Staff Faces ‘a Security Mess’

After Wednesday’s invasion by protesters, America’s Capitol building is now grappling with “the process of securing the offices and digital systems after hundreds of people had unprecedented access to them,” writes Wired. Long-time Slashdot reader SonicSpike shares their report: Rioters could have bugged congressional offices, exfiltrated data from unlocked computers, or installed malware on exposed devices. In the rush to evacuate…

Sealed US Court Records Exposed In SolarWinds Breach

An anonymous reader quotes a report from Krebs On Security: The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The…

Hackers Target Cryptocurrency Users With New ElectroRAT Malware

An anonymous reader quotes a report from ZDNet: Security firm Intezer Labs said it discovered a covert year-long malware operation where cybercriminals created fake cryptocurrency apps in order to trick users into installing a new strain of malware on their systems, with the obvious end goal of stealing victims’ funds. The campaign was discovered last month in December 2020, but researchers…

Malware Uses WiFi BSSID for Victim Identification

An anonymous reader shares a report: Malware operators who want to know the location of the victims they infect usually rely on a simple technique where they grab the victim’s IP address and check it against an IP-to-geo database like MaxMind’s GeoIP to get a victim’s approximate geographical location. While the technique isn’t very accurate, it is still the most reliable…

Microsoft, SolarWinds Face New Criticism Over Russian Breach of US Networks

After Russia’s massive breach of both government and private networks in the U.S., American intelligence officials “have expressed anger that Microsoft did not detect the attack earlier.” But new criticisms are also falling on SolarWinds: Some of the compromised SolarWinds software was engineered in Eastern Europe, and American investigators are now examining whether the incursion originated there, where Russian intelligence operatives…

CISA Updates SolarWinds Guidance, Tells US Govt Agencies To Update Right Away

The US Cybersecurity and Infrastructure Security Agency has updated its official guidance for dealing with the fallout from the SolarWinds supply chain attack. From a report: In an update posted late last night, CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version by the end of the year. Agencies that…