TrickBot malware learns how to spam, ensnares 250M email addresses

This post is by Zack Whittaker from TechCrunch

Old bot, new tricks.

TrickBot, a financially motivated malware in wide circulation, has been observed infecting victims’ computers to steal email passwords and address books to spread malicious emails from their compromised email accounts.

The TrickBot malware was first spotted in 2016 but has since developed new capabilities and techniques to spread and invade computers in an effort to grab passwords and credentials — eventually with an eye on stealing money. It’s highly adaptable and modular, allowing its creators to add in new components. In the past few months it’s adapted for tax season to try to steal tax documents for making fraudulent returns. More recently the malware gained cookie stealing capabilities, allowing attackers to log in as their victims without needing their passwords.

With these new spamming capabilities, the malware — which researchers are calling “TrickBooster” — sends malicious emails from a victim’s account, then removes the sent messages from

What CISOs need to learn from WannaCry

This post is by Zack Whittaker from TechCrunch

In 2017 — for the first time in over a decade — a computer worm ran rampant across the internet, threatening to disrupt businesses, industries, governments and national infrastructure across several continents.

The WannaCry ransomware attack became the biggest threat to the internet since the Mydoom worm in 2004. On May 12, 2017, the worm infected millions of computers, encrypting their files and holding them hostage to a bitcoin payment.

Train stations, government departments, and Fortune 500 companies were hit by the surprise attack. The U.K.’s National Health Service (NHS) was one of the biggest organizations hit, forcing doctors to turn patients away and emergency rooms to close.

Earlier this week we reported a deep-dive story into the 2017 cyberattack that’s never been told before.

British security researchers — Marcus Hutchins and Jamie Hankins — registered a domain name found in WannaCry’s code in order to track the

Report Suspicious Sites to Google Using This Chrome Extension

This post is by David Murphy from Lifehacker

If you’ve used Chrome for any length of time, you’ve probably stumbled across its scary red interstitial—otherwise known as the Google Safe Browsing warning. If you’re attempting to pull up a site that looks problematic, like a malware host, Chrome will prevent you from doing so unless you do a little digging to

Google now lets you flag deceptive sites with a new Chrome extension

This post is by Frederic Lardinois from TechCrunch

Google today launched a new Chrome extension that allows you to flag suspicious sites for inclusion in the company’s Safe Browsing index, which is used by Chrome and a number of third-party browsers.

In addition, Google is also launching a new warning in Chrome that puts up a roadblock before you visit a site that is potentially trying to trick you into giving up your credentials or download malware.

Typically, Safe Browsing automatically crawls the web and looks for suspicious sites. With this new extension, you can flag sites that the system hasn’t detected yet. The overall process is pretty simple and the extension gives you the option to include screenshots, the referrer chain that led you to the site and the DOM content of your browser. You get to choose which one of these to send and the screenshot option is off by default.

The extension also puts up

Homeland Security has tested a working BlueKeep remote code execution exploit

This post is by Zack Whittaker from TechCrunch

Homeland Security’s cyber agency says it has tested a working exploit for the BlueKeep vulnerability, capable of achieving remote code execution on a vulnerable device.

To date, most of the private exploits targeting BlueKeep would have triggered a denial-of-service condition, capable of knocking computers offline. But an exploit able to remotely run code or malware on an affected computer — an event feared by government — could trigger a global incident similar to the WannaCry ransomware attack in 2017.

The Cybersecurity and Infrastructure Security Agency (CISA) confirmed in an alert Monday it had used BlueKeep to remotely run code on a Windows 2000 computer.

Although no public exploits have been released, CISA’s alert is a warning that it’s only a matter of time before malicious attackers achieve the same results.

Both Microsoft and the federal government have sounded the alarm in recent weeks over the risks

In a rare advisory, NSA urges users to patch BlueKeep flaw

This post is by Zack Whittaker from TechCrunch

The National Security Agency has issued a rare advisory warning users to update their systems to protect against BlueKeep, a new security vulnerability with the capacity to rapidly spread between computers.

The “critical”-rated bug, which affects computers running Windows XP and later, can be exploited to remotely run malware at the system level, which has full access to the computer. Because the bug is remotely exploitable, any unpatched computer connected to the internet may be at risk.

Only Windows 8 and Windows 10 are not vulnerable to the bug.

Microsoft released patches in May, yet about a million internet-facing computers and servers are still unprotected.

The intelligence agency urged computer owners to patch against the vulnerability “in the face of growing threats” amid concerns that a malicious actor could launch an attack, similar to the scale of the WannaCry ransomware attacks in 2017.

As of the time of writing, security researchers

How Marcin Kleczynski went from message boards to founding anti-malware startup Malwarebytes

This post is by Zack Whittaker from TechCrunch

Marcin Kleczynski is a shining example of the American dream.

A Polish-born immigrant turned naturalized citizen, Kleczynski grew up in the Chicago suburbs spending much of his time on computers and the early days of the world wide web. He couldn’t afford to buy computer games; instead, he downloaded them from the internet — and usually malware along with it. Frustrated that his computer’s anti-malware didn’t prevent the infection, he took to seeking help from security message boards to troubleshoot and remove the malware by hand.

That’s where Kleczynski thought he could do better, and so he founded Malwarebytes.

In early 2008, his company’s first anti-malware product was released. To no surprise, the very people on the message boards who helped Kleczynski recover his computer were the same championing his debut software. So much so that Kleczynski hired one of the people from the message board who helped him rid

Why ICS security startup Dragos’ CEO puts a premium on people not profits

This post is by Zack Whittaker from TechCrunch

Written in its company’s handbook, there’s one rule for working at Dragos. “Don’t be an asshole.”

“The first key to our success is our people and that we hire good people,” said Robert Lee, the company’s founder and chief executive, in an interview with TechCrunch. “I think building a successful team is about having a standard and saying that I expect you all to be adults and not need a million HR policies,” he said.

Lee’s management approach revolves around his company’s greatest asset — his staff. With 125 employees, the company has seen rapid growth since its founding in 2016 but puts great importance on maintaining the company’s relaxed but productive culture.

Lee said he doesn’t want to change its culture dynamics by growing too fast, micromanaging, or burdening his staff with strict expense policies. “If you’re stuck laid over at night, but you see there’s one seat

Europol, DOJ announce the takedown of the GozNym banking malware

This post is by Zack Whittaker from TechCrunch

Europol and the U.S. Justice Department, with help from six other countries, have disrupted and dismantled the GozNym malware, which they say stole more than $100 million from bank accounts since it first emerged.

In a press conference in The Hague, prosecutors said 10 defendants in five countries are accused of using the malware to steal money from more than 41,000 victims, mostly businesses and financial institutions.

Five defendants were arrested in Moldova, Bulgaria, Ukraine and Russia. The leader of the criminal network and his technical assistant are being prosecuted in Georgia.

The remaining five defendants, all Russian nationals, remain on the run, said prosecutors.

All were charged with conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud, and conspiracy to commit money laundering. An eleventh member of the conspiracy, Krasimir Nikolov, was previously charged and extradited to the U.S. in 2016

Two years after WannaCry, a million computers remain at risk

This post is by Zack Whittaker from TechCrunch

Two years ago today, a powerful ransomware began spreading across the world.

WannaCry began encrypting hundreds of thousands of computers in over 150 countries in a matter of hours. It was the first time that ransomware, malware that encrypts a user’s files and demands cryptocurrency in ransom to unlock them, had spread across the world in what looked like a coordinated cyberattack.

It was spreading like wildfire. Hospitals across the U.K. declared a “major incident” after they were knocked offline by the malware. Government systems, railway networks and private companies were also hit.

Security researchers quickly realized the malware was spreading like a computer worm, across computers and over the network, using the Windows SMB protocol. Suspicion soon fell on a batch of highly classified hacking tools developed by the National Security Agency, which weeks earlier had been stolen and published online for anyone to use.

“It’s

Shellbot malware evolves to spread and shuts down other cryptominers

This post is by Zack Whittaker from TechCrunch

When hackers want to make a quick buck, mining cryptocurrency seems to be the way to go.

New research out Wednesday by Boston-based security firm Threat Stack, shared exclusively with TechCrunch, reveals that a new variant of the Shellbot malware is taking a leaf out of other cryptocurrency-mining malware’s book by breaking into computers and using their resources to make money.

Shellbot, first written about by Jask in February, now uses an old but reliable SSH brute force technique to break into internet-connected Linux servers with weak passwords to infect a system and mine cryptocurrency.

But now Threat Stack says the malware has new capabilities allowing it to spread through a network and shut down other cryptominers on infected computers, allowing the malware to free up more processing power for its own cryptomining operation.

“The main goal of this campaign appears to be monetary gain via cryptomining and propagating itself to

A new cryptocurrency mining malware uses leaked NSA exploits to spread across enterprise networks

This post is by Zack Whittaker from TechCrunch

Two years after highly classified exploits built by the National Security Agency were stolen and published, hackers are still using the tools for nefarious reasons.

Security researchers at Symantec say they’ve seen a recent spike in a new malware, dubbed Beapy, which uses the leaked hacking tools to spread like wildfire across corporate networks to enslave computers into running mining code to generate cryptocurrency.

Beapy was first spotted in January but rocketed to more than 12,000 unique infections across 732 organizations since March, said Alan Neville, Symantec’s lead researcher on Beapy, in an email to TechCrunch. The malware almost exclusively targets enterprises, which host large numbers of computers that, when infected with cryptocurrency mining malware, can generate sizable sums of money.

The malware relies on someone in the company opening a malicious email. Once opened, the malware drops the NSA-developed DoublePulsar malware to create a persistent backdoor on the

Manufacturing giant Aebi Schmidt hit by ransomware

This post is by Zack Whittaker from TechCrunch

Aebi Schmidt, a European manufacturing giant with operations in the U.S., has been hit by a ransomware attack, TechCrunch has learned.

The Switzerland-based maker of airport maintenance and road cleaning vehicles had operations disrupted Tuesday following the malware infection, according to a source with knowledge of the incident.

Systems went down across the company’s international network, including its U.S. subsidiaries, but much of the damage was in the company’s European base. A number of systems connected to the Aebi Schmidt network across the world were left paralyzed. The source said systems necessary for manufacturing operations were inaccessible following the attack. The company’s email is also said to be affected.

It isn’t immediately known what kind of ransomware knocked the company’s systems offline.

The multinational manufacturing giant recently expanded its U.S. presence with the acquisition of M-B Companies, a maker of snow removal and cleaning machines, following

Evernote fixes macOS app bug that allowed remote code execution

This post is by Zack Whittaker from TechCrunch

Evernote has fixed a vulnerability that could have allowed an attacker to run malicious code on a victim’s computer.

Dhiraj Mishra, a security researcher based in Dubai, reported the bug to Evernote on March 17. In a blog post showing his proof-of-concept, Mishra showed TechCrunch that a user only had to click a link masked as a web address, which would open a locally stored app or file unhindered and without warning.

Evernote spokesperson Shelby Busen confirmed the bug had been fixed, and said the company “appreciates” the contributions from security researchers.

The researcher ‘popped calc’ as a way to demonstrate a remote code execution bug in Evernote (Image: supplied)

MITRE, the vulnerability database keeper, issued an advisory under CVE-2019-10038.

The bug could allow an attacker to remotely run malicious commands on any macOS computer with Evernote installed. Since the fix went into effect, Evernote now warns users

Security flaw in EA’s Origin client exposed gamers to hackers

This post is by Zack Whittaker from TechCrunch

Electronic Arts has fixed a vulnerability in its online gaming platform Origin after security researchers found they could trick an unsuspecting gamer into remotely running malicious code on their computer.

The bug affected Windows users with the Origin app installed. Tens of millions of gamers use the Origin app to buy, access and download games. To make it easier to access an individual game’s store from the web, the client has its own URL scheme that allows gamers to open the app and load a game from a web page by clicking a link with origin:// in the address.

But two security researchers, Daley Bee and Dominik Penner of Underdog Security, found that the app could be tricked into running any app on the victim’s computer.

“An attacker could’ve run anything they wanted,” Bee told TechCrunch.

‘Popping calc’ to demonstrate a remote code execution bug in Origin. (Image: supplied)
