6 C
London
Sunday, November 19, 2017
Home Tags Byte

Tag: Byte

Image from mobile AC-130 Gunship Simulator apparently came from a YouTube trailer.
The authors of malware use various techniques to circumvent defensive mechanisms and conceal harmful activity. One of them is the practice of hiding malicious code in the context of a trusted process.

Typically, malware that uses concealment techniques injects its code into a system process, e.g. explorer.exe.

But some samples employ other interesting methods. We're going to discuss one such type of malware.
A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them.

They were in OLE2 format and contained no macros, exploits or any other active content.
A collection of Bluetooth implementation vulnerabilities known asBlueBornehas been released.

These vulnerabilities collectively affect Windows,iOS,and Linux-kernel-based operating systems including Android and Tizen,and may in worst case allow an unauthenticated attacker to perform commands on the device.
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file.

For devices utilizing this environment encryption mode,U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data.

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear.
It is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private report. Like previous Turla activity, WhiteBear leverages compromised websites and hijacked satellite connections for command and control (C2) infrastructure.
In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family.

A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as Trojan-Banker.Win32.Jimmy.
Incredible hack perpetually alters game through nothing but controller input.
In the several years that the Dridex family has existed, there have been numerous unsuccessful attempts to block the botnetrsquo;s activity.

The ongoing evolution of the malware demonstrates that the cybercriminals are not about to bid farewell to their brainchild, which is providing them with a steady revenue stream.
Yahoo promptly retired ImageMagic library after failing to install 2-year-old patch.
The simple line of code made it possible for attackers to view private Yahoo Mail images.
Purple Palace pays researcher US$778 bounty per byte How would you like US$778 per byte for your exploit?…