Tag Archive for: computers

Van Nuys man indicted for allegedly selling ‘trojan’ malware to help others crack computers – Daily News


Federal authorities on Thursday announced the arrest of a Van Nuys man who allegedly schemed to market and sell malware that gave purchasers control over computers and enabled them to access victims’ private communications, their login credentials and other personal information.

Edmond Chakhmakhchyan, 24, allegedly used the screen name “Corruption.” He was arrested Wednesday by special agents with the FBI. During his arraignment in federal court, he pleaded not guilty to charges contained in a two-count indictment and was ordered back to court on June 4. His bond was set at $70,000.

The indictment charges Chakhmakhchyan with one count of conspiracy (to advertise a device as an interception device, to transmit code intended to cause damage to a protected computer, and to intentionally access a computer to obtain information) and one count of advertising a device as an interception device. Each count carries a maximum sentence of five years in federal prison.

The indictment alleges an agreement between the malware’s creator and Chakhmakhchyan in which the defendant allegedly would post ads for the Hive remote access trojan, or RAT, on the Hack Forums website, accept Bitcoin payments for licenses to use the Hive RAT and provide customer service to those who purchased the licenses.

Customers purchasing the malware would transmit Hive RAT to protected computers and gain unauthorized control over and access to those devices, allowing the RAT purchaser to close or disable programs, browse files, record keystrokes, access incoming and outgoing communications and steal victim passwords and other credentials for bank accounts and cryptocurrency wallets, all without the victims’ knowledge or permission, according to the indictment.

Chakhmakhchyan allegedly began working with the creator of the Hive RAT, previously known as “Firebird,” about four years ago and advertised online the RAT’s many features.


BISD to add cyber security to district computers and devices


BRANCH COUNTY — Branch Intermediate School District Technology Director Aaron Cummings will review and negotiate with firms providing 24-hour cyber security for the district rather than bid on the services.

The BISD board found that the complexity of determining which services are needed and which best fit the district did not lend itself to standard bidding, even with an estimated cost of $40,000.

BISD Superintendent Kris Jenkins said districts across the state are increasing computer security after ransomware infected the Jackson Intermediate School District last year.

Homeland Security identifies ransomware as malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.

Two companies are receiving the most attention, Arctic Wolf and CrowdStrike, Cummings and Jenkins said. 

The superintendent explained, “This is a service, so statutorily, we don’t have to go out for bid.”

The estimated price is lower than hiring local personnel, at least three people to provide the service, Jenkins said.


In its emergency, Jackson ISD did not go out for bid and hired Arctic Wolf. Calhoun ISD uses CrowdStrike.

“One vendor will call their detection method this and this other will call it something totally different, even though it’s the same thing. It’s really hard to compare side by side,” Cummings said.

CrowdStrike is one of the biggest ones in Michigan because the state’s partnering with them. Cummings said, “CrowdStrike might be just a little bit cheaper, and a little more complete.”

The technology director said Arctic Wolf will monitor equipment already in place.

With over 425 pieces of connected online equipment in the BISD system, Cummings will evaluate the services and price before bringing back a recommendation to the board.

Cummings said, “Nobody’s got a really good solution for Chromebooks or iPads yet. I don’t know that they’ve actually been ransomed.”


Jenkins said the 24-hour monitoring is essential after talking to Jackson ISD about the Arctic Wolf service in the last two weeks. “There was some…


In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs


SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories

Quickly hitting Enter key to hack an encrypted Linux computer 

Researchers at Pulse Security showed that an attacker with physical access to an encrypted Linux system can obtain a local root shell by repeatedly pressing Enter at the disk-unlock prompt (or by using a small device that simulates the keystrokes), effectively bypassing full-disk encryption. These types of attacks are not new. The caveat for defenders is that the shell runs in the initramfs, before the encrypted volume is unlocked: what the attacker gets is root on the unencrypted boot environment, which can then be tampered with, so a signed and verified boot chain matters as much as the disk encryption itself.

High-severity vulnerability patched in Chrome 


A new Chrome 116 update patches a high-severity use-after-free vulnerability. These types of flaws can typically be combined with other bugs for sandbox escapes and remote code execution. The bug bounty for the vulnerability has yet to be determined by Google. 

Google details Android fuzzing efforts

Google has published a blog post detailing its Android fuzzing efforts, including how it finds vulnerabilities, why it continues to invest in fuzzing, challenges, and how others can contribute. 

Top-level domains and DNS issues

Cisco Talos has published research into top-level domains (TLDs) and DNS issues, highlighting risks related to the .kids TLD, "zombified" DNS names under various country-code TLDs, and problems with second-level domains that function as public suffixes.

Skype mobile app is leaking IP addresses

The Skype mobile application leaks IP addresses, according to a report from 404 Media. An attacker can obtain a targeted user's IP address simply by sending them a link over Skype; the victim does not have to click or otherwise interact with the link. Microsoft has been notified but is not rushing to patch the issue.

Rackspace says cost of ransomware attack…


Hackers figure out your computer’s location via malware Whiffy Recon


Hackers can determine a victim's physical location with the new malware Whiffy Recon. That knowledge can then be used as leverage to pressure victims into doing what the attacker wants.

The new malware Whiffy Recon searches for a computer’s location. Researchers from Secureworks first encountered the malware in the Smoke Loader botnet.

Malware for botnets

The malware is built for computers that are already infected by another malware family. A set of devices compromised and controlled by the same malware is called a botnet. Ordinary users generally have no easy way to tell whether their devices are part of one.

Authorities recently dismantled 'Qakbot', the largest global botnet, and removed the Qakbot loader from about 700,000 computers. Those machines can no longer receive follow-on payloads such as Whiffy Recon through that botnet, although nothing stops them from being reinfected by other means.

Other botnets can still deliver the malware, and it is already being deployed through Smoke Loader. In that campaign the initial infection starts with a phishing message carrying a malicious zip file.

Google Geolocation API helps

The malware currently targets only Windows devices. It checks for the Wireless AutoConfig Service (WLANSVC) to determine whether the infected machine has a Wi-Fi adapter; if it does, the malware scans for nearby Wi-Fi access points every minute. It does not need to connect to those networks: the BSSIDs (MAC addresses) and signal strengths of the access points in range are enough.

With the data from the scan, the attackers can work out the infected device's location by uploading it to the Google Geolocation API. That service returns a position estimate, with an accuracy radius, from the combination of Wi-Fi access points it recognizes and, where available, cell towers; in built-up areas a handful of access points is often enough to place a device within tens of metres.
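As an added illustration (not Whiffy Recon's own code and not taken from the Secureworks report), the Python below reconstructs the two halves of this data flow. The scan input is a constructed `netsh wlan show networks mode=bssid` listing standing in for the WLAN API call the malware makes; the request body uses the documented `wifiAccessPoints`, `macAddress`, `signalStrength`, `channel` and `considerIp` fields of the Google Geolocation API, and the percent-to-dBm conversion is a common approximation rather than something the malware is known to do. The `has_fixed_cadence` helper is a detection-side assumption: it takes per-host scan timestamps that an EDR or ETW pipeline would have to supply and looks for the once-a-minute rhythm described above.

```python
"""Added illustration of the Whiffy Recon data flow (not the malware's code):
1. turn a Wi-Fi scan into the access-point list the Google Geolocation API takes,
2. flag the once-a-minute scan cadence that endpoint telemetry could hunt for.
"""
import json
import re

# Constructed sample of `netsh wlan show networks mode=bssid` output on Windows.
# Whiffy Recon itself calls the WLAN API directly; netsh exposes the same
# BSSID / signal / channel data in a form that is easy to parse offline.
SAMPLE_NETSH_OUTPUT = """\
Interface name : Wi-Fi
There are 2 networks currently visible.

SSID 1 : CorpNet
    Network type            : Infrastructure
    Authentication          : WPA2-Enterprise
    Encryption              : CCMP
    BSSID 1                 : 00:11:22:33:44:55
         Signal             : 80%
         Radio type         : 802.11ac
         Channel            : 36
    BSSID 2                 : 00:11:22:33:44:66
         Signal             : 44%
         Radio type         : 802.11n
         Channel            : 6

SSID 2 : HomeNet
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : aa:bb:cc:dd:ee:ff
         Signal             : 20%
         Radio type         : 802.11n
         Channel            : 11
"""

BSSID_RE = re.compile(r"^\s*BSSID\s+\d+\s*:\s*([0-9a-fA-F:]{17})\s*$")
SIGNAL_RE = re.compile(r"^\s*Signal\s*:\s*(\d+)%\s*$")
CHANNEL_RE = re.compile(r"^\s*Channel\s*:\s*(\d+)\s*$")

# Documented endpoint; the key placeholder is an assumption, not a real key.
GEOLOCATE_URL = "https://www.googleapis.com/geolocation/v1/geolocate?key=<API_KEY>"


def percent_to_dbm(percent: int) -> int:
    """netsh reports signal quality as 0-100%. The usual approximation is
    dBm = percent/2 - 100 (100% ~ -50 dBm, 0% ~ -100 dBm); good enough here,
    since the API only uses signalStrength as a weighting hint."""
    return percent // 2 - 100


def parse_netsh_scan(text: str) -> list:
    """One record per BSSID line, in the field names the Geolocation API expects."""
    aps, current = [], None
    for line in text.splitlines():
        m = BSSID_RE.match(line)
        if m:
            current = {"macAddress": m.group(1).lower()}
            aps.append(current)
            continue
        if current is None:
            continue
        m = SIGNAL_RE.match(line)
        if m:
            current["signalStrength"] = percent_to_dbm(int(m.group(1)))
            continue
        m = CHANNEL_RE.match(line)
        if m:
            current["channel"] = int(m.group(1))
    return aps


def build_geolocate_request(aps: list) -> dict:
    """Body for POST GEOLOCATE_URL. considerIp=False tells the service to ignore the
    caller's public IP and position the device from the access points alone."""
    return {"considerIp": False, "wifiAccessPoints": aps}


def has_fixed_cadence(scan_times: list, period_s: int = 60,
                      tolerance_s: int = 5, min_intervals: int = 5) -> bool:
    """Detection side (assumed telemetry): given one host's WLAN scan timestamps
    in epoch seconds, return True if at least min_intervals consecutive scans are
    spaced period_s apart (+/- tolerance_s). A triage signal, not a verdict."""
    times = sorted(scan_times)
    run, best = 0, 0
    for earlier, later in zip(times, times[1:]):
        if abs((later - earlier) - period_s) <= tolerance_s:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best >= min_intervals


if __name__ == "__main__":
    aps = parse_netsh_scan(SAMPLE_NETSH_OUTPUT)
    print(json.dumps(build_geolocate_request(aps), indent=2))
    # Six scans exactly 60 s apart: the rhythm an infected host would produce.
    beacon_like = [1_700_000_000 + 60 * i for i in range(6)]
    print("fixed cadence:", has_fixed_cadence(beacon_like))
```

Treat the cadence check as a starting point only: the operating system and Wi-Fi management tools also scan periodically, so a hit should be correlated with the process that triggered the scan and with outbound HTTPS requests to the Geolocation API endpoint from a process that has no business making them.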

Tracking and intimidation

Because the scan repeats every minute, the malware effectively works as a tracker. Moving an infected work laptop from the office to home, for example, hands the attackers both the work and the home address, as long as the device has Wi-Fi access points in range at each place.

“Demonstrating access to geolocation information can be used to intimidate victims or pressure them to comply with demands,” the researchers state. A threat message from a hacker is indeed much more intimidating if it appears…
