Michael Kan

About the Author Michael Kan


‘Kill switch’ helps slow the spread of WannaCry ransomware

Friday’s unprecedented ransomware attack may have stopped spreading to new machines — at least briefly — thanks to a “kill switch” that a security researcher has activated.

The ransomware, called Wana Decryptor or WannaCry, has been found infecting machines across the globe. It works by exploiting a Windows vulnerability that the U.S. National Security Agency may have used for spying.

The malware encrypts data on a PC and shows users a note demanding $300 in bitcoin to have their data decrypted. Images of the ransom note have been circulating on Twitter. Security experts have detected tens of thousands of attacks, apparently spreading over LANs and the internet like a computer worm.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Ransomware attack spreads worldwide using alleged NSA exploit

A ransomware attack appears to be spreading around the world, leveraging a hacking tool that may have come from the U.S. National Security Agency.

The ransomware, called Wanna Decryptor, struck hospitals at the U.K.’s National Health Service on Friday, taking down some of its network.

Spain’s computer response team, CCN-CERT, has also warned of  a “massive attack” from the ransomware strain, amid reports that local telecommunications firm Telefonica was hit.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

A ransomware attack is spreading worldwide, using alleged NSA exploit

A ransomware attack appears to be spreading around the world, leveraging a hacking tool that may have come from the U.S. National Security Agency.

The ransomware, called Wanna Decryptor, struck hospitals at the U.K.’s National Health Service on Friday, taking down some of its network.

Spain’s computer response team, CCN-CERT, has also warned of  a “massive attack” from the ransomware strain, amid reports that local telecommunications firm Telefonica was hit.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Trump’s cybersecurity order pushes U.S. government to the cloud

President Donald Trump has finally signed a long-awaited executive order on cybersecurity, and he called for the U.S. government to move more into the cloud and modernize its IT infrastructure.

The order, signed on Thursday, is designed to “centralize risk” and move the government’s agencies toward shared IT services, White House homeland security adviser Tom Bossert said in a press briefing   

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Patch to fix Intel-based PCs with enterprise bug rolls out this week

PC vendors this week will start rolling out patches that fix a severe vulnerability found in certain Intel-based business systems, including laptops, making them easier to hack.   

Intel on Friday released a new notice urging clients to take steps to secure their systems.

The chipmaker has also released a downloadable tool that can help IT administrators and users discover whether a machine they own has the vulnerability.

In addition, vendors including Fujitsu, HP and Lenovo have released lists showing which products are affected and when the patches will roll out. 

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Top tips for finding the right cybersecurity products

Having trouble finding the right security products for your business? You’re not the only one.

Today’s market is filled with hundreds of vendors and plenty of marketing hype. But figuring out which solutions are worthwhile can be a challenge, especially for businesses with little experience in cybersecurity.  

So we asked actual buyers of enterprise security products for tips, and here’s what they said.  

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Google Docs phishing scam underscores OAuth security risks

Google has stopped Wednesday’s clever email phishing scheme, but the attack may very well make a comeback.

One security researcher has already managed to replicate it, even as Google is trying to protect users from such attacks.

“It looks exactly like the original spoof,” said Matt Austin, director of security research at Contrast Security.

The phishing scheme — which may have circulated to 1 million Gmail users — is particularly effective because it fooled users with a dummy app that looked like Google Docs.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Sneaky Gmail phishing attack fools with fake Google Docs app

Google Docs was pulled into a sneaky email phishing attack on Tuesday that was designed to trick users into giving up access to their Gmail accounts.

The phishing emails, which circulated for about three hours before Google stopped them, invited the recipient to open what appeared to be a Google Doc. The teaser was a blue box that said, “Open in Docs.”

In reality, the link led to a dummy app that asked users for permission to access their Gmail account.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Sneaky Gmail phishing attack fools with fake Google Docs app

Google Docs was pulled into a sneaky email phishing attack on Tuesday that was designed to trick users into giving up access to their Gmail accounts.

The phishing emails, which circulated for about three hours before Google stopped them, invited the recipient to open what appeared to be a Google Doc. The teaser was a blue box that said, “Open in Docs.”

In reality, the link led to a dummy app that asked users for permission to access their Gmail account.

screen shot 2017 05 03 at 2.38.57 pmReddit

An example of the phishing email that circulated on Tuesday.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Vulnerability hits Intel enterprise PCs going back 10 years

Intel is reporting a firmware vulnerability that could let attackers take over remote management functions on computers built over nearly the past decade.

The vulnerability, disclosed on Monday, affects features in Intel firmware that are designed for enterprise IT management.  

Enterprises using Intel Active Management Technology, Intel Small Business Technology and Intel Standard Manageability on their systems should patch them as soon as possible, the company says.

The vulnerable firmware features can be found in some current Core processors and all the way back to Intel’s first-generation Core, called Nehalem, which shipped in 2008. They’re part of versions 6.0 through 11.6 of Intel’s manageability firmware.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Vulnerability hits Intel enterprise PCs going back 10 years

Intel is reporting a firmware vulnerability that could let attackers take over remote management functions on computers built over nearly the past decade.

The vulnerability, disclosed on Monday, affects features in Intel firmware that are designed for enterprise IT management.  

Enterprises using Intel Active Management Technology, Intel Small Business Technology and Intel Standard Manageability on their systems should patch them as soon as possible, the company says.

The vulnerable firmware features can be found in some current Core processors and all the way back to Intel’s first-generation Core, called Nehalem, which shipped in 2008. They’re part of versions 6.0 through 11.6 of Intel’s manageability firmware.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

NSA ends surveillance tactic that pulled in citizens’ emails, texts

The U.S. National Security Agency will no longer sift through emails, texts and other internet communications that mention targets of surveillance.

The change, which the NSA announced on Friday, stops a controversial tactic that critics said violated U.S. citizens’ privacy rights.

The practice involved flagging communications where a foreign surveillance target was mentioned, even if that target wasn’t involved in the conversation. Friday’s announcement means the NSA will stop collecting this data.

“Instead, this surveillance will now be limited to only those communications that are directly ‘to’ or ‘from’ a foreign intelligence target,” the NSA said in a statement.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Ransomware attacks are taking a bigger toll on victims’ wallets

Hackers spreading ransomware are getting greedier. In 2016, the average ransom demand to free computers hit with the infection rose to $1,077, up from $294 the year before, according to security firm Symantec.

“Attackers clearly think that there’s more to be squeezed from victims,” Symantec said in a Wednesday report

In addition, the security company has been detecting more ransomware infection attempts. In 2016, the figure jumped 36 percent compared with the prior year.  

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Ransomware attacks are taking a bigger toll on victim’s wallets

Hackers spreading ransomware are getting greedier. In 2016, the average ransom demand to free computers hit with the infection rose to $1,077, up from $294 the year before, according to security firm Symantec.

“Attackers clearly think that there’s more to be squeezed from victims,” Symantec said in a Wednesday report

In addition, the security company has been detecting more ransomware infection attempts. In 2016, the figure jumped 36 percent compared with the prior year.  

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Old Windows Server machines can still fend off hacks. Here’s how

If you’re running a Windows Server 2003 machine, you have a problem. Your already-vulnerable computer is now at severe risk of being hacked.

That’s due to the internet release earlier this month of a batch of updates that paint a bulls-eye on computers running Windows Server 2003, according to security researchers.

“I can teach my mom how to use some of these exploits,” said Jake Williams, founder of Rendition Infosec, a security provider. “They are not very complicated at all.”

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Old Windows Server machines can still fend off hacks. Here’s how

If you’re running a Windows Server 2003 machine, you have a problem. Your already-vulnerable computer is now at severe risk of being hacked.

That’s due to the internet release earlier this month of a batch of updates that paint a bull’s-eye on computers running Windows Server 2003, according to security researchers.

“I can teach my mom how to use some of these exploits,” said Jake Williams, founder of Rendition Infosec, a security provider. “They are not very complicated at all.”

Experts are urging affected businesses to upgrade to the latest Windows OSes, which offer security patches that can address the threat.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

There’s now a tool to test for NSA spyware

Has your computer been infected with a suspected NSA spying implant? A security researcher has come up with a free tool that can tell.

Luke Jennings of security firm Countercept wrote a script in response to last week’s high-profile leak of cyberweapons that some researchers believe are from the National Security Agency. It’s designed to detect an implant called Doublepulsar, which is delivered by many of the Windows-based exploits found in the leak and can be used to load other malware.

The script, which requires some programming skill to use, is available for download on GitHub.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

At $175, this ransomware service is a boon to cybercriminals

Cybercriminals have another easy-to-use ransomware kit to add to their arsenals, thanks to a new variant called Karmen that hackers can buy on the black market for $175.

A Russian-speaking user called DevBitox has been advertising the ransomware in underground forums, security firm Recorded Future said in a blog post on Tuesday.  

Karmen is what experts call ransomware-as-a-service — a particularly worrisome trend. Amateur hackers with little technical know-how can buy access to them, and in return, they’ll receive a whole suite of web-based tools to develop their own ransomware attacks.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Rival IoT malware clash in a botnet territory battle

Mirai—a notorious malware that’s been enslaving IoT devices—has competition.

A rival piece of programming has been infecting some of the same easy-to-hack internet-of-things (IoT) products, with a resiliency that surpasses Mirai, according to security researchers.

“You can almost call it Mirai on steroids,” said Marshal Webb, CTO at BackConnect, a provider of services to protect against distributed denial-of-service (DDoS) attacks.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft: Past patches address leaked NSA exploits

Microsoft said it has already patched vulnerabilities revealed in Friday’s high-profile leak of suspected U.S. National Security Agency spying tools, meaning customers should be protected if they’ve kept their software up-to-date.

Friday’s leak caused concern in the security community. The spying tools include about 20 exploits designed to hack into old versions of Windows, such as Windows XP and Windows Server 2008.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Leaked NSA exploits plant a bull’s-eye on Windows Server

Friday’s release of suspected NSA spying tools is bad news for companies running Windows Server. The cyberweapons, which are now publicly available, can easily hack older versions of the OS.  

The Shadow Brokers, a mysterious hacking group, leaked the files online, setting off worries that cybercriminals will incorporate them in their own hacks.  

“This leak basically puts nation-state tools into the hands of anyone who wants them,” said Matthew Hickey, the director of security provider Hacker House.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft Word exploit linked to cyberspying in Ukraine conflict

A previously unknown Microsoft Office vulnerability was recently used to deliver spyware to Russian-speaking targets, in a possible case of cyberespionage.

Security firm FireEye noticed the intrusion attempt, which taps a critical software flaw that hackers are using to craft malicious Microsoft Word documents.

On Wednesday, FireEye said it uncovered one attack that weaponized a Russian military training manual. Once opened, the malicious document will deliver FinSpy, a surveillance software that’s been marketed to governments.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

US dismantles Kelihos botnet after Russian hacker’s arrest

The arrest last week of a Russian man in Spain was apparently for his role in a massive spam botnet and not related to an ongoing investigation into foreign tampering with last year’s U.S. election.

The botnet, called Kelihos, has enslaved hundreds of thousands of computers, and distributed spam and malware to users across the globe. However, the U.S. has taken action to dismantle the illegal operation, the Department of Justice said on Monday.

The arrest of 36-year-old Peter Yuryevich Levashov, the botnet’s alleged operator, was at first thought to be related to the ongoing U.S. investigation of presidential election-related hacking, but the DOJ said on Monday that wasn’t the case.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Suspected CIA spying tools linked to hacks in 16 countries

The suspected CIA spying tools exposed by WikiLeaks have been linked to hacking attempts on at least 40 targets in 16 countries, according to security firm Symantec.

The tools share “close similarities” with the tactics from an espionage team called Longhorn, Symantec said in a Monday post. Longhorn has been active since at least 2011, using Trojan programs and previously unknown software vulnerabilities to hack targets.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

The iCloud hackers’ bitcoin ransom looks like a fake

A group of hackers who claimed to hold millions of iCloud accounts for ransom said on Friday it had been paid. But one bitcoin expert said that’s bogus. 

The Turkish Crime Family grabbed headlines last month by claiming it had the stolen login credentials for more than 700 million icloud.com, me.com and mac.com accounts. The group demanded increasing ransoms from Apple while threatening to wipe the data from devices connected to the affected accounts if it did not.

On Friday, the hackers tweeted that they had been paid $480,000 in bitcoin. As proof, the group posted a link showing a transaction on Blockchain.info, a popular bitcoin wallet.  

To read this article in full or to leave a comment, please click here

Read more 0 Comments

WikiLeaks: CIA used bits of Carberp Trojan code for malware deployment

When the source code to a suspected Russian-made malware leaked online in 2013, guess who used it? A new release from WikiLeaks claims the CIA borrowed some of the code to bolster its own hacking operations.

On Friday, WikiLeaks released 27 documents that allegedly detail how the CIA customized its malware for Windows systems.

The CIA borrowed a few elements from the Carberp financial malware when developing its own hacking tool known as Grasshopper, according to those documents.

Carberp gained infamy as a Trojan program that can steal online banking credentials and other financial information from its victims’ computers. The malware, which likely came from the criminal underground, was particularly problematic in Russia and other former Soviet states.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

US says laptop ban may expand to more airports

The U.S. might add other airports to its ban restricting passengers from bringing laptops and other electronics into the cabin for certain flights from the Middle East.

“We may take measures in the not too distant future to expand the number of airports,” said Homeland Security secretary John Kelly on Wednesday during a congressional hearing.

Last month, the U.S. announced the ban, which affects ten airports, all of which are in Muslim-majority countries. Passengers flying to the U.S. are barred from bringing any electronic devices larger than a smartphone into a plane’s cabin, and must instead check them in as baggage.    

To read this article in full or to leave a comment, please click here

Read more 0 Comments

U.S. may expand laptop ban to more airports

The U.S. might add other airports to its ban restricting passengers from bringing laptops and other electronics into the cabin for certain flights from the Middle East.

“We may take measures in the not too distant future to expand the number of airports,” said Homeland Security secretary John Kelly on Wednesday during a congressional hearing.

Last month, the U.S. announced the ban, which affects ten airports, all of which are in Muslim-majority countries. Passengers flying to the U.S. are barred from bringing any electronic devices larger than a smartphone into a plane’s cabin, and must instead check them in as baggage.    

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Amazon to refund parents over kids’ in-app purchases, says FTC

Parents with children who ran up bills, sometimes huge, through in-app purchases stand to get some or all of that money back. Amazon could have to hand out more than $70 million in refunds to affected consumers, according to the U.S. Federal Trade Commission.

On Tuesday, the FTC and Amazon agreed to end their legal battle over whether the U.S. company unlawfully charged its customers for the purchases.

A year ago, a court found that Amazon had.

The company’s app store can be downloaded to Android devices and it runs on certain Kindle tablets. However, parents had complained that Amazon’s system had made it all too easy for their children to buy virtual items in the apps, without their consent.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Chinese hackers go after third-party IT suppliers to steal data

Companies that choose to outsource their IT operations should be careful. Suspected Chinese hackers have been hitting businesses by breaching their third-party IT service providers. 

Major IT suppliers that specialize in cloud storage, help desk, and application management have become a top target for the hacking group known as APT10, security providers BAE Systems and PwC said in a joint report.

That’s because these suppliers often have direct access to their client’s networks. APT10 has been found stealing intellectual property as part of a global cyberespionage campaign that ramped up last year, PwC said on Monday.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Notorious iOS spyware has an Android sibling

Security researchers have uncovered the Android version of an iOS spyware known as Pegasus in a case that shows how targeted electronic surveillance can be.

Called Chrysaor, the Android variant can steal data from messaging apps, snoop over a phone’s camera or microphone, and even erase itself.

On Monday, Google and security firm Lookout disclosed the Android spyware, which they suspect comes from NSO Group, an Israeli security firm known to develop smartphone surveillance products.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Notorious iOS spyware, Pegasus, has an Android sibling

Security researchers have uncovered the Android version of an iOS spyware known as Pegasus in a case that shows how targeted electronic surveillance can be.

Called Chrysaor, the Android variant can steal data from messaging apps, snoop over a phone’s camera or microphone, and even erase itself.

On Monday, Google and security firm Lookout disclosed the Android spyware, which they suspect comes from NSO Group, an Israeli security firm known to develop smartphone surveillance products.

Fortunately, the spyware never hit the mainstream. It was installed less than three dozen times on victim devices, most of which were located in Israel, according to Google. Other victim devices resided in Georgia, Mexico and Turkey, among other countries.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Banking hackers left clue that may link them to North Korea

The notorious hackers behind a string of banking heists have left behind a clue that supports a long-suspected link to North Korea, according to security researchers.

The so-called Lazarus Group has been eyed as a possible culprit behind the heists, which included last February’s $81 million theft from Bangladesh’s central bank through the SWIFT transaction software.

However, hackers working for the group recently made a mistake: They failed to wipe the logs from a server the group had hacked in Europe, security firm Kaspersky Lab said on Monday.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Latest WikiLeaks dump exposes CIA methods to mask malware

WikiLeaks may have dealt another blow to the CIA’s hacking operations by releasing files that allegedly show how the agency was masking its malware attacks.

On Friday, the site dumped the source code to the Marble Framework, a set of anti-forensic tools that WikiLeaks claims the CIA used last year.

The files do appear to show “obfuscation techniques” that can hide CIA-developed malicious coding from detection, said Jake Williams, a security researcher at Rendition InfoSec, who has been examining the files.

Every hacker, from the government-sponsored ones to amateurs, will use their own obfuscation techniques when developing malware, he said.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

In mining user data, ISPs have to weigh cash vs. privacy

U.S. internet service providers are about to face temptation.

Now that the broadband privacy rule repeal is almost certain, will they sell their customers’ data to marketers, or will they keep it private?

The U.S. broadband industry is telling consumers not to worry. Verizon, for instance, said that it remains committed to protecting users’ privacy.

What that exactly means is unclear, and some in the industry are skeptical.

Major broadband providers will be enticed to monetize their customers’ data in ad-heavy ways, said Dane Jasper, CEO of Sonic, a small ISP in California.

To read this article in full or to leave a comment, please click here

Read more 0 Comments