The European Union agency for network and information security, ENISA, announced on Monday the launch of a new expert group focusing on the security of smart cars and intelligent road systems.
Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.
The EU's top justice official on Monday said a deal towards sealing a new transatlantic data-sharing pact was close, despite a missed deadline that could mean a crippling blow to American online giants including Facebook and Google.
Encrypted communication is making law enforcement and counterterrorism investigations more difficult, but fears of "going dark" are overblown, a study said Monday.
The report by Harvard University's Berkman Center said that despite efforts to boost encryption in smartphone and online services, investigations still can gain access to data in many circumstances.
Researchers at Kaspersky Lab have discovered a Linux backdoor that has been ported to Windows and given a series of new capabilities.
The malware was initially spotted on Linux systems, where it had a full set of features that allowed the attackers to monitor all of a victim’s activities, including the ability to capture audio and take screenshots. Researchers discovered that the backdoor was written in C++ and Qt, a cross-platform application framework, and that it was compiled toward the end of September 2015.
Called DropboxCache, also known as Backdoor.Linux.Mokes.a, the malware connects to a hardcoded command and control (C&C) server, after which it performs an HTTP request every minute and receives one-byte images in response, Kaspersky Lab’s Stefan Ortloff explains in a blog post. The backdoor connects to TCP port 433 using a custom protocol and AES encryption to receive data and commands from the C&C server, Ortloff said.
According to Kaspersky, the malware authors didn’t put effort into obfuscating the code in any way, making it easier to analyze.
The second backdoor the researchers discovered is called OLMyJuxM.exe (Backdoor.Win32.Mokes.imv), which emerged recently on Windows-based systems. According to Kaspersky, the analysis of this piece of malware quickly revealed that it is a 32-bit Windows variant of Backdoor.Linux.Mokes.a.
The malware uses the SetWindowsHook API for keylogger functionality and for monitoring mouse inputs and internal messages posted to the message queue. The backdoor then contacts the C&C server for commands, and continues to connect to it once per minute by sending a heartbeat signal via HTTP (GET /v1), the same as the Linux variant.
The cybercriminals behind the malware have designed it to receive commands and to upload or download additional resources via TCP port 433. Researchers also explain that the Windows backdoor uses the same filename templates to save the obtained screenshots, audio captures, keylogs and other arbitrary data.
Further analysis of the malicious program revealed that it also includes code to capture images from a connected camera, such as a built-in webcam. Additionally, Kaspersky researchers explain that, unlike the Linux variant, the Windows malware has the keylogger active from the start.
However, like the Linux backdoor, this malicious program’s binary contains a series of suspicious strings. To ensure that Windows does not find the malware suspicious and does not ask users to confirm execution, the authors used a trusted certificate issued by COMODO RSA Code Signing CA, but the researchers did not share the name of the entity to which the certificate was issued.
Kaspersky Lab researchers warn that the malware appears to have been designed to be platform independent, suggesting that it might not be too long before a Mac OS X variant emerges. As always, users are advised to have an anti-virus program enabled on their systems and kept up to date, as well as to avoid opening emails from unknown sources, clicking on suspicious attachments or links, or installing applications from untrusted sources.
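The once-per-minute `GET /v1` heartbeat with a one-byte response, as described above, is regular enough to hunt for in web proxy logs. The following is an added example, not code from Kaspersky or from the original article; the log format, the host names and the thresholds (`jitter`, `min_hits`, `max_bytes`) are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed proxy log lines (not real traffic): time, client, method, URL, response bytes
SAMPLE_LOG = """\
2016-02-01T10:00:00 10.0.0.5 GET http://c2.example.invalid/v1 1
2016-02-01T10:01:00 10.0.0.5 GET http://c2.example.invalid/v1 1
2016-02-01T10:02:01 10.0.0.5 GET http://c2.example.invalid/v1 1
2016-02-01T10:03:00 10.0.0.5 GET http://c2.example.invalid/v1 1
2016-02-01T10:00:10 10.0.0.9 GET http://api.example.org/v1 5120
2016-02-01T10:07:42 10.0.0.9 GET http://api.example.org/v1 4880
2016-02-01T10:08:03 10.0.0.9 GET http://api.example.org/v1/users 912
"""

def parse(log_text):
    """Yield (time, client, method, host, path, size) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than abort the hunt
        ts, client, method, url, size = parts
        host, _, path = url.split("://", 1)[-1].partition("/")
        yield datetime.fromisoformat(ts), client, method, host, "/" + path, int(size)

def find_heartbeats(log_text, period=60, jitter=5, min_hits=4, max_bytes=16):
    """Return sorted (client, host) pairs whose tiny GET /v1 responses recur at a fixed period."""
    seen = defaultdict(list)
    for ts, client, method, host, path, size in parse(log_text):
        # The article describes GET /v1 answered with a one-byte image.
        if method == "GET" and path == "/v1" and size <= max_bytes:
            seen[(client, host)].append(ts)
    hits = []
    for key, times in seen.items():
        if len(times) < max(min_hits, 2):
            continue  # too few requests to measure an interval
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Median gap tolerates an occasional delayed or missed beat.
        if abs(median(gaps) - period) <= jitter:
            hits.append(key)
    return sorted(hits)

if __name__ == "__main__":
    for client, host in find_heartbeats(SAMPLE_LOG):
        print(f"possible fixed-interval /v1 heartbeat: {client} -> {host}")
```

A match is only a lead for triage: legitimate health checks can also poll a `/v1` path, so correlate hits with outbound connections to TCP port 433 from the same client.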
An intrusion detection and prevention platform for which the United States government plans on spending $5.7 billion by 2018 has limited capabilities and does not fully meet its intended objectives, according to an audit conducted by the Government Accountability Office (GAO).
Symantec is now a pure-play cyber security company. The company said on Monday that it has completed the sale of Veritas to a group of investors led by The Carlyle Group, giving Symantec roughly $5.3 billion in after-tax cash proceeds—$1 billion less than the company originally expected to receive from the sale.
A modern metropolis rising from Israel's Negev desert stands on the frontline of a global war against hacking and cyber crime, fulfilling an ambition of the country's founding father.