It's been a year now since the Dyre malware family was first profiled, and there is no sign of infection rates slowing down. In fact, [reports](http://www.scmagazine.com/trend-micro-documents-new-malware-infections/article/418266/) would seem to suggest just the opposite, with infections up from 4,000 at the end of last year to 9,000 at the start of this, the lion's share split pretty evenly between European and North American users. So I was interested to spot a tweet from Ronnie T [@iHeartMalware](https://twitter.com/iheartmalware), who is actually Ronnie Tokazowski, a senior researcher at PhishMe, which declares: "I'm tired of dumping #Dyre configurations by hand. So I wrote a …

Werner Vogels, Amazon Web Services (AWS) CTO, speaking at the AWS Summit in London yesterday, made the rather amazing claim that security in the cloud is "much stronger" than anything you can have on-premises. As someone who has been writing about information security for more than 20 years, and covering the cloud security beat for five, I can understand why he may say that. However, it doesn't mean that he was right; not for every customer, not for every implementation. If you are talking about the smaller end of the SME spectrum then, for the most part in my …

Researchers at security company AppRiver have issued a [warning](http://blog.appriver.com/2015/06/amazon-based-malware-targets-crypto-currency/) regarding a variant of the Fareit malware family which uses fake Amazon purchase confirmation emails as the lure and, once run, steals any cryptocurrency wallets it can find on the target machine. ![amazonmalware.jpg](/attachments/large/0/4ed9d9dbe506fcd950aef08620e1e144.jpg "align-center") Troy Gill, manager of security research at AppRiver, details how his team have been monitoring, and blocking, what he describes as a stream of malicious emails during the last week. All posing as legitimate Amazon purchase confirmations, all stating that 'your order has been confirmed' and all directing the reader to the attached, and infected, …

Another month, another flaw related to the historical US export restrictions on cryptography; this time in the form of LogJam. It hits servers which still offer the reduced-strength DHE_EXPORT ciphersuites that date back to SSL 3.0 and TLS 1.0, restricted to Diffie-Hellman primes no longer than 512 bits. A man-in-the-middle can force a connection down to that export-strength group without the user being aware, because the client has no way to tell that the 512-bit group it was handed belongs to an export suite rather than to the suite it asked for. It impacts something like eight per cent of the top one million web domains and all the major web browser clients. Well almost, because Internet Explorer has already been patched (nice one Microsoft) with Firefox expected to …

While keen to point out that Microsoft's TechNet portal security was "in no way compromised" by the tactic, researchers with security outfit FireEye [discovered](https://www.fireeye.com/blog/threat-research/2015/05/hiding_in_plain_sigh.html) that [a well established China-based hacking campaign called Deputy Dog](https://www.fireeye.com/blog/threat-research/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html) had managed to create profiles and posts on TechNet that contained embedded Command and Control codes for use with a BlackCoffee malware variant. This method of hiding in plain sight is nothing new, but it can make detection problematic as the data (especially within a technical forum such as TechNet) is simply 'lost' in a sea of similar code from genuine users. It also means the malware's first outbound connection goes to a legitimate, high-reputation domain, so reputation-based filtering of C2 destinations gets you nowhere against a well respected …

As any fan of the Matrix trilogy of films will tell you, the Keymaker is a character in The Matrix Reloaded who holds the keys that give Neo access to the system mainframe and, by so doing, hopefully save Zion from the ongoing sentinel attack. In the movie, the Keymaker was a little old Chinese man who held the keys to every door, every escape route, everything. In Apple OS X the equivalent is Gatekeeper, a key technology which is designed to prevent malware from running on machines using that operating system. It does this by effectively locking the doors to …

One of the great things about social media is the way that it utilises the wisdom of crowds. This concept is perhaps best known through Wikipedia, where user editing can often create some wildly inaccurate entries in the short term but over time these get corrected by the larger volume of editors who truly care about the product they are using. Somewhere else that the wisdom of crowds has made an impact is the consumer review market. Most of my family, friends and work colleagues pretty much turn to the Internet for a quick and unbiased opinion before splashing the …

According to a [SecureList posting](https://securelist.com/blog/69462/darwin-nuke/) dated April 10th, researchers Anton Ivanov, Andrey Khudyakov, Maxim Zhuravlev and Andrey Rubin discovered a vulnerability in the Darwin kernel back in December 2014. Why is this of interest? Well, the Darwin kernel is the open source core of both of Apple's operating systems, OS X and iOS. The vulnerability could allow a remote attacker to launch a denial of service against a device running OS X 10.10 or iOS 8. More worryingly, it takes just a single, solitary malformed network packet to crash the target system and impact upon any corporate network it may …

Advert blocking software is thought to be used by something in the region of just five per cent of online users, or 150 million people if you prefer. It is, however, on the up; research conducted by Adobe and anti-adblocking campaigners PageFair suggests that ad blocking use rose by 70 per cent last year. Of the various options out there, Adblock Plus is one of the best known and most used. Which is why the company behind it, Eyeo GmbH, recently found itself on the sharp end of a court case in Germany seeking an injunction to prevent it from …

Which 12-year-old operating system, still running on some 11 million servers, is about to die? Yep, that's the one: Microsoft Windows Server 2003 reaches 'end of life' status on July 14th. One of the longest running discussions on DaniWeb asks the question [Why does Windows XP refuse to die?](https://www.daniweb.com/hardware-and-software/microsoft-windows/windows-nt-2000-xp/news/294897/why-does-windows-xp-refuse-to-die) and I have my suspicions that we may be asking the same of Windows Server 2003 in the years to come. Which is fine as far as it goes; unfortunately that's not very far in terms of security, as there will be no more security patches, updates or …

In what has quite possibly been one of the longest gaps between security problems being revealed and action being taken, the Virginia Board of Elections voted on Tuesday to decertify more than 300 AVS WINVote touchscreen voting machines. The Virginia Information Technology Agency, and consultancy Pro V&V, uncovered multiple flaws in the voting technology, which had also been used in other states including Mississippi and Pennsylvania. The scandal here is that there have been concerted efforts to remove these machines from the electoral system since 2008, when experts investigating irregularities first flagged their concerns. They have consistently …

According to the latest [Verizon 2015 Data Breach Investigations Report](http://www.verizonenterprise.com/DBIR/), all but four per cent of the security incidents analyzed by researchers can be accounted for by just nine basic attack patterns. That's pretty useful information for enterprises looking to prioritize their approach to security and establish a stronger security posture. So, as far as the nearly 80,000 incidents analyzed to form the basis of the report go, what were these nine basic patterns? Verizon states that the nine threat patterns are: 1. Miscellaneous errors (such as sending an email to the wrong person) …

Security is, more often than not, a case of getting the basics right. This is certainly true of the cloud, where the hyperbole surrounding insecurity far outweighs the actual risk in my opinion. Not that the cloud is an inherently secure place to store data, just that it poses similar risks to other data storage methodologies, which need to be assessed and dealt with accordingly. So when I hear statistics being bandied about such as '68 per cent of employees use personal cloud storage services at work', as was thrown in my direction this last week, I cannot help but …

It all started pretty well, with the announcement by Mozilla at the end of last month that the Firefox web browser would make the Internet a safer place by encrypting everything. That's everything, even those connections where the servers don't support the HTTPS protocol, bringing Firefox one step closer to an Internet that encrypts all the world's traffic. One caveat up front: encryption without authentication shuts out passive eavesdroppers but not an active man-in-the-middle, because the browser has no way of verifying who it is actually talking to. The 'Opportunistic Encryption' (OE) feature essentially acts as a bridge between non-compliant plaintext HTTP connections and fully compliant and secure HTTPS …

According to new research from Venafi, apparently some 74 percent of 'Forbes Global 2000 organizations' (or the big boys of business if you prefer) have yet to properly secure their public facing servers against the Heartbleed OpenSSL threat. That's a year after the thing broke, for goodness sake! Venafi found that at least 580,000 hosts belonging to this elite group of enterprises were still vulnerable as full and proper threat remediation had not been applied. They were patched, yes, but did not bother with the equally important steps of replacing private keys and revoking the old certificates. That matters because Heartbleed could leak the server's private key from memory: patch the bug but keep the key, and anyone who grabbed it beforehand can still impersonate the server or decrypt any captured sessions that were not forward secret. Apparently, looking at …

The Google Glass wearable computing 'enhanced reality' project got off the ground at the Google I/O Developers Conference in San Francisco earlier this week. Around 6,000 developers were present to see a demonstration of the futuristic technology, which integrates a small video display suspended from the arm of a headset worn like a pair of spectacles. Complete with Internet connectivity, a battery in the arm and the ability to change the perspective of the video stream as you move your head, the Google Glass prototype is no heavier than a standard pair of sunglasses and just as …

It's that time of year again, and the latest [Secunia Vulnerability Review](http://secunia.com/vr2015/) has been published. This analysed anonymous data gathered from scans right across 2014 of millions of computers which have Secunia Personal Software Inspector (PSI) installed and revealed some interesting statistics. On average, the computers used by the people running PSI had 76 programs installed on them, and these vary from country to country. Secunia focussed its attention on what it calls "a representative portfolio of the 50 most common applications", which comprised 34 Microsoft and 16 non-Microsoft ones. So what did the analysis discover? You might be surprised …

The recently revised Facebook community standards page states that the social network is on a mission "to give people the power to share and make the world more open"; however, it appears that it may have been giving the wrong people the power to share stuff you thought was private. According to security researcher and bug bounty hunter [Laxman Muthiyah](http://www.7xter.com/2015/03/how-i-exposed-your-private-photos.html), Facebook's Photo Sync feature came with a critical flaw which "allows any malicious Facebook application to read your mobile photos." The vulnerability concerns Facebook's Photo Sync feature for mobile users, which was introduced back in 2012, but because it was …

As with any online service that starts to get popular traction and experiences rapid growth, the social-network-cum-microblog platform Tumblr has been the target of just about every kind of scam and attempted cyber-criminal subversion out there, [including some of its own making](http://www.daniweb.com/internet-marketing/social-media-and-communities/news/459258/tumblr-warns-users-to-change-password-after-security-mess). Most of the time it's not worth reporting on these as they fall into the 'same old, same old' category, and if we did then DaniWeb would be so awash with scam warnings that every other posting would be drowned in obscurity. However, this one is worthy of our attention. Not least as it seems to …

Halifax is the town in West Yorkshire where I live, and it also happens to be the name of a well known UK bank which started life there, best known on this side of the pond for TV adverts featuring a friendly chap called Howard Brown, a former customer services representative and sales ambassador for HBOS, which owns the Halifax. If recent reports are correct, then before long the Halifax could also gain notoriety for replacing passwords and PIN codes with biometrics. Not just any old biometrics mind, none of this old-fashioned fingerprint scanning malarkey for Howard and co; …

Content Management Systems (CMS) may not be the most interesting topic on the tech table, but oh boy does WordPress liven things up in this sector. Not, it has to be said, always in a good way. I've lost count of the number of WordPress vulnerability stories that I've read over the last 12 months, and have even written a few myself. Of course, more often than not [it isn't WordPress itself that is the problem](http://www.itpro.co.uk/security/24163/the-wordpress-cms-isnt-insecure-you-are) but one of the gazillion plug-ins out there being used to customize it and add functionality. There was the [SoakSoak malware](https://www.daniweb.com/web-development/php/news/489065/kings-of-google-gun-for-supersoaker-soaksoak-wordpress-malware-warning) …

I don't usually write about acquisitions and all that financial stuff, but news that PayPal has acquired CyActive caught my eye as apparently this brings the promise of 'bio-inspired predictive security' into the online payments provider threat protection mix. Which made me think, just what the heck is bio-inspired predictive security when it's at home, and why has PayPal bought into it? ![cyactive.jpg](/attachments/large/0/262c724e7b79e730b40c8e9772dd6fb5.jpg "align-center") My first port of call in trying to get a line on this was the [official PayPal blog posting](https://www.paypal-community.com/t5/PayPal-Forward/PayPal-Establishes-New-Security-Center/ba-p/956298) on the thing. "While we have industry-leading fraud models and verification techniques, and a world-class security team" …

In a post on his blog [A Few Thoughts on Cryptographic Engineering](http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html), Matthew Green, a cryptographer and research professor at Johns Hopkins University, asks "how the hell is NSA breaking SSL?" If this is news to you, following the Edward Snowden revelations in The Guardian, then you obviously haven't read the New York Times piece about the NSA 'Bullrun' [briefing sheet](http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=1&) which quite plainly states that the agency has been circumventing exactly the type of encryption protection of everyday Internet communications that we take for granted, such as SSL (Secure Sockets Layer). Of course, as Green has hinted at here, it's not the …

Windows is, according to just about any security expert you ask, the operating system most vulnerable to attack. Unless the security expert happens to be from Microsoft, that is. So it was quite refreshing to see Microsoft admitting to a spike in attacks on Windows this week. According to [a posting by Holly Stewart on the Microsoft Malware Protection Center Threat Research & Response Blog](http://blogs.technet.com/b/mmpc/archive/2010/07/13/update-on-the-windows-help-and-support-center-vulnerability-cve-2010-1885.aspx), Windows XP and Windows 2003 are officially under attack. Russia has seen ten times as many attack attempts as the global average, and the UK has witnessed a "surge" in the words of Microsoft. Referring …

Spring has been getting rather unseasonably hot for Apache users as far as security flaws go. First there was news of how the FREAK (Factoring Attack on RSA-EXPORT Keys) vulnerability could impact Apache. For more on FREAK see this [excellent analysis](http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html) by Matthew Green, a cryptographer and research professor at Johns Hopkins University. Green points out that "Apache mod_ssl by default will generate a single export-grade RSA key when the server starts up, and will simply re-use that key for the lifetime of that server. What this means is that you can obtain that RSA key once, factor it, and …
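FREAK (above) and LogJam (covered earlier on this page) share the same tell on the wire: the server's ServerKeyExchange message carries an export-grade key, a 512-bit RSA modulus in the FREAK case and a 512-bit Diffie-Hellman prime in the LogJam case. The following is an added example, not code from any of the articles or from the Apache project, that parses a captured ServerKeyExchange and flags export-size parameters. The handshake bytes it checks are constructed fixtures built by the script itself, not real DH groups or RSA keys, and the 2048-bit thresholds are this example's choice (the Logjam research argues that even 1024-bit groups are within reach of a nation-state attacker).

```python
"""Flag export-grade parameters in a TLS ServerKeyExchange (added example)."""
import struct

HANDSHAKE_SERVER_KEY_EXCHANGE = 0x0C

# Thresholds are this example's choice: anything under 2048 bits gets flagged,
# which catches the 512-bit export keys behind FREAK and LogJam and also the
# 1024-bit DH groups the Logjam research considers breakable by a nation-state.
MIN_DH_BITS = 2048
MIN_RSA_BITS = 2048


def _read_vector16(buf, offset):
    """Read an opaque<1..2^16-1> vector (2-byte big-endian length prefix)."""
    if offset + 2 > len(buf):
        raise ValueError("truncated vector length")
    (length,) = struct.unpack_from("!H", buf, offset)
    offset += 2
    if length == 0 or offset + length > len(buf):
        raise ValueError("truncated or empty vector body")
    return buf[offset:offset + length], offset + length


def _bits(raw):
    return int.from_bytes(raw, "big").bit_length()


def parse_server_key_exchange(msg, kx):
    """Parse a ServerKeyExchange handshake message (msg starts at the 0x0c type byte).

    kx is "dhe" (ServerDHParams: p, g, Ys) or "rsa_export" (ServerRSAParams:
    modulus, exponent).  The caller must know kx from the negotiated cipher
    suite; the message itself carries no field saying which layout it uses.
    Any trailing signature is ignored.
    """
    if len(msg) < 4 or msg[0] != HANDSHAKE_SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    if kx == "dhe":
        p, off = _read_vector16(body, 0)
        g, off = _read_vector16(body, off)
        ys, off = _read_vector16(body, off)
        return {"kx": kx, "p_bits": _bits(p), "g": int.from_bytes(g, "big"),
                "ys_bits": _bits(ys)}
    if kx == "rsa_export":
        n, off = _read_vector16(body, 0)
        e, off = _read_vector16(body, off)
        return {"kx": kx, "n_bits": _bits(n), "e": int.from_bytes(e, "big")}
    raise ValueError("unknown key exchange: %r" % kx)


def is_export_grade(params):
    """True when the server offered a key or group size that should be refused."""
    if params["kx"] == "dhe":
        return params["p_bits"] < MIN_DH_BITS
    return params["n_bits"] < MIN_RSA_BITS


def _to_bytes(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def build_server_key_exchange(*ints):
    """Assemble a ServerKeyExchange from integers (fixture builder, no signature)."""
    body = b"".join(struct.pack("!H", len(b)) + b for b in map(_to_bytes, ints))
    return bytes([HANDSHAKE_SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


# Constructed fixtures: placeholder numbers of the right size, not real DH
# groups or RSA keys.  The top bit is set so the bit lengths are exact.
EXPORT_DH_SKE = build_server_key_exchange((1 << 511) | 0x1235, 2, (1 << 500) | 7)
STRONG_DH_SKE = build_server_key_exchange((1 << 2047) | 0x1235, 2, (1 << 2000) | 7)
EXPORT_RSA_SKE = build_server_key_exchange((1 << 511) | 0xF1, 65537)

if __name__ == "__main__":
    for name, ske, kx in (("export DHE", EXPORT_DH_SKE, "dhe"),
                          ("2048-bit DHE", STRONG_DH_SKE, "dhe"),
                          ("RSA_EXPORT", EXPORT_RSA_SKE, "rsa_export")):
        params = parse_server_key_exchange(ske, kx)
        print(name, params, "EXPORT-GRADE" if is_export_grade(params) else "ok")
```

Feed it the handshake message as carved out of a packet capture (the bytes starting at the 0x0c handshake type, after the 5-byte record header). The `kx` argument has to come from the cipher suite in the ServerHello, because the ServerKeyExchange layout is not self-describing; that absence is precisely why a client handed a 512-bit group in a LogJam downgrade cannot tell it apart from a legitimate DHE exchange.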

Addressing last week's Securi-Tay conference, hosted by the Abertay Ethical Hacking Society in Scotland, Stephen Tomkinson from the NCC Group detailed how Blu-ray players can do more than play videos; they can open up a new attack surface for the hacker. Tomkinson demonstrated a new tool released to enable the investigation of embedded network devices, and used the network-exposed features of a common Blu-ray player as an example. He showed how an innocent looking Blu-ray disc can actually circumvent sandboxes and present the hacker with control of the underlying system. Of course, that innocent …

The term 'reflection DoS' is nothing new; I recall reading something about it three years ago when a high profile security researcher [used it to describe](http://www.understandingcomputers.ca/articles/grc/drdos_copy.html) how malicious SYN packets were being reflected off bystanding TCP servers and the SYN/ACK responses used to flood his bandwidth. More recently, Garrett Gross from security vendor AlienVault [wrote about](https://www.alienvault.com/blogs/security-essentials/emerging-threat-reflection-using-sql-servers) the relatively new method of amplification Denial of Service (DoS), a form of reflection attack in which the reflector replies with far more data than it received, using SQL servers. This was actually first reported at the back end of last year when servers belonging to the City of Columbia, Missouri were hit …
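As an added illustration of what the two ends of such an attack look like in flow data (this is not code from the AlienVault or GRC write-ups): the reflector's network sees tiny inbound requests to the SQL Server browser service answered by much larger replies, while the victim sees replies from many SQL servers it never queried. The example assumes the reflector is the Microsoft SQL Server browser service on UDP port 1434, a known amplification vector; the flow records are constructed for the example and the field layout (proto, src, sport, dst, dport, bytes, packets) is the example's own.

```python
"""Spot SQL Server browser-service reflection in flow data (added example)."""
from collections import defaultdict

# The MS SQL Server Resolution Protocol listens on UDP/1434 and can answer a
# single-byte probe with a reply of several hundred bytes listing instances,
# which is what makes it usable as an amplifier.
SSRP_PORT = 1434

# Constructed flow records (not real telemetry), one per line:
#   proto src sport dst dport bytes packets
# 198.51.100.9 is the spoofed victim: it never sent a query, yet three SQL
# servers answer it.  198.51.100.20 legitimately queries 10.0.0.9.
SAMPLE_FLOWS = """\
udp 192.0.2.10 1434 198.51.100.9 53211 520 1
udp 192.0.2.11 1434 198.51.100.9 53211 498 1
udp 192.0.2.12 1434 198.51.100.9 53211 611 1
udp 198.51.100.20 40001 10.0.0.9 1434 1 1
udp 10.0.0.9 1434 198.51.100.20 40001 430 1
tcp 198.51.100.20 51000 10.0.0.9 1433 812 6
"""


def parse_flows(text):
    """Turn the whitespace-separated records above into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        proto, src, sport, dst, dport, nbytes, pkts = line.split()
        flows.append({"proto": proto, "src": src, "sport": int(sport),
                      "dst": dst, "dport": int(dport),
                      "bytes": int(nbytes), "pkts": int(pkts)})
    return flows


def ssrp_amplification(flows):
    """Reflector-side view: reply bytes per request byte for each (client, server) pair.

    Only pairs where a request was actually observed are reported; a high ratio
    tells you how attractive your own SQL servers are as amplifiers.
    """
    sent = defaultdict(int)   # (client, server) -> bytes of requests to 1434
    recv = defaultdict(int)   # (client, server) -> bytes of replies from 1434
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["dport"] == SSRP_PORT:
            sent[(f["src"], f["dst"])] += f["bytes"]
        elif f["sport"] == SSRP_PORT:
            recv[(f["dst"], f["src"])] += f["bytes"]
    return {pair: recv[pair] / sent[pair] for pair in recv if sent.get(pair)}


def find_reflection_victims(flows, min_reflectors=3):
    """Victim-side view: hosts receiving SSRP replies from servers they never queried.

    Spoofed requests leave the victim with replies but no matching outbound
    query, so unsolicited replies from several distinct servers are the signal.
    """
    queried = set()                               # (client, server) pairs seen
    replies = defaultdict(lambda: defaultdict(int))  # dst -> server -> bytes
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["dport"] == SSRP_PORT:
            queried.add((f["src"], f["dst"]))
        elif f["sport"] == SSRP_PORT:
            replies[f["dst"]][f["src"]] += f["bytes"]
    victims = {}
    for host, by_server in replies.items():
        unsolicited = {s: b for s, b in by_server.items() if (host, s) not in queried}
        if len(unsolicited) >= min_reflectors:
            victims[host] = {"reflectors": sorted(unsolicited),
                             "bytes": sum(unsolicited.values())}
    return victims


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("amplification per pair:", ssrp_amplification(flows))
    print("reflection victims:", find_reflection_victims(flows))
```

The `min_reflectors` threshold is deliberately low for the toy data; against real flow exports you would raise it and window the counts by time, since a single stray reply from one server is noise, while hundreds of servers answering one host inside a minute is not.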

Chinese computer manufacturer [Lenovo has admitted](http://support.lenovo.com/us/en/product_security/superfish) that it installed an adware component called Superfish on 16 million PCs shipped between September 2014 and February 2015 in order to "help customers potentially discover interesting products while shopping" according to an official statement made by the company. Although there is some argument to be had as to the validity of the 'helping customers' idea regarding software which injects third party adverts into Google searches and websites without the explicit permission or knowledge of the user, where there is no debate to be had at all is in the bloody great security hole …

The hacker collective known as Anonymous first declared war on Islamic State (formerly known as ISIS) supporters back in the summer of 2014 with [Operation NO2ISIS](http://www.forbes.com/sites/jasperhamill/2014/06/27/anonymous-hacktivists-prepare-for-strike-against-isis-supporters/), which promised to target the online infrastructure of those countries sponsoring Islamic State militants. This declaration followed the hacking of an Anonymous Twitter account, @TheAnonMessage, which was then used to post photos of a terrorist assault near Baghdad. At the time, an Anonymous spokesperson stated that "these savages who have no religion or morality are bent on burning everything in their path, killing and pillaging as they go. They must be stopped." Because Islamic …

Cancer is a terrible disease which has claimed the lives of a well known technology journalist and a well known coder within the last couple of weeks. Now Facebook has been diagnosed as being in the final stages of that online cancer which is a disregard for user privacy, and I think it is probably terminal. The issues have not gone unnoticed by the media, including the DaniWeb news team, with [Ron Miller reporting](http://www.daniweb.com/news/story281329.html) how some people are very unhappy with such things as the recent 'instant personalisation' feature that shares user activities as they move around the web, …
