Tuesday, November 21, 2017

Tag: SOCKS

Your periodic reminder: Google is chronically unable to detect untrustworthy apps.
Prosecutors say Marcus Hutchins admitted he wrote alleged malware.

Defense disagrees.
If Forza Horizon 3 wasn't your off-road cup of tea, get a load of this.
Researchers say Necurs malware has been updated with a module that adds SOCKS/HTTP proxy and DDOS capabilities to this malware.
Linux-Proxy-10 allows crooks to remain anonymous online

Several thousand Linux devices have been infected with a new Linux-based trojan, Russian security software firm Doctor Web warns. The Linux-Proxy-10 Trojan infects network devices running Linux, turning them into a platform for cybercrime that allows crooks to remain anonymous online.

Black hats run freeware code called the Satanic Socks Server on infected devices. Miscreants hack into devices that are running with default passwords or are already infected with Linux malware in order to plant the malware. Back in 2004, the Sasser worm removed infections caused by the MyDoom mass mailer worm on compromised systems.

This kind of red-on-red action is messy and chaotic. Last year's Mirai worm showed the carnage that could result from abusing compromised IoT systems.

The appearance of a new trojan that – like Mirai – takes advantage of default user credentials to infect IoT devices is therefore bad enough, without considering the possibility of more strains of malware capable of easily spreading onto already hacked devices. ®
Securing you from head to toe! Wait... what? How secure are your feet? With these exclusive socks from, er, Kaspersky, your tootsies will never be subject to another bout of ransomware again. The stylish black footwear was being handed out, along with advent calendars, at Kaspersky's Christmas bash in London last night. Available in whatever size was thrust at you as you stumbled off into the night, these are for Euro sizes 39-42, or 6 to 8 in UK sizes. The socks appear to be synthetic, for extra man-made protection from malware miscreants. Kaspersky (the company, not Eugene, who sadly wasn't present last night) said next year will feature lots of malware and business will be good. We think that's what they probably said anyway.

The infosec-themed cocktails were rather moreish. We're not entirely sure if old man Eugene knows that his mug will shortly be adorning the ankles of Britain's technology press, but if he is, good on you, Mr K.

Good on you. The essential question at Vulture Central this morning is: Are your feet more secure with Kaspersky's face on the inside or the outside? Put your thoughts in the comments section below. ® Socknote There is a spare pair of these collected by another Vulture who feels that his feet are adequately antivirused without Eugene's face on them. Most amusing comment below might get them.
New Features Added to Managed File Transfer Products Help IT Teams Protect Data When Most Vulnerable

London, UK. 11th October, 2016 – Ipswitch, the leader in easy to try, buy and use IT management software, today announced MOVEit® 2017 – the combined release includes new versions of its industry leading Managed File Transfer products MOVEit® Transfer, MOVEit® Automation and Ipswitch® Analytics.

These new releases significantly enhance the ability of IT teams to ensure the secure exchange of sensitive data with external partners on a global scale, and in compliance with data protection regulations such as HIPAA, PCI and GDPR.

Ipswitch MOVEit 2017

In our information-based economy, the daily exchange of data with external organisations has become a core process of businesses across a large number of industries. Healthcare providers and Insurers routinely share Protected Health Information (PHI) between themselves and regulatory agencies. Retailers and Financial institutions transmit payment card data. Organisations in multiple industries routinely exchange Personally Identifiable Information (PII).

All of this data is protected by regulations such as HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standard), GDPR (the European Union’s General Data Protection Regulation) and others. PHI, PII and payment card data are the target of global cybercriminal activity. MOVEit® helps safeguard that data when it is most vulnerable – in transit, as well as when the data is at rest, with best in class encryption. Ipswitch’s industry leading MOVEit® products help IT teams ensure these exchanges are secure, in compliance with data protection regulations, and automated to reduce IT overhead costs and meet internal and external Service Level Agreements (SLAs). MOVEit Transfer 2017 provides enhanced language support and improvements to its user interface. MOVEit users can now externally transfer files in any language (including support for Japanese and Simplified Chinese) to anywhere in the world securely and in compliance with multiple data protection regulations. MOVEit Automation 2017 includes new features that significantly extend IT teams’ ability to automate core data exchange processes at high volumes while continuing to meet SLAs and reduce IT costs.

These include improvements to its state-of-the-art web admin interface, the ability to manage files and resources in any language and SOCKS proxy support for SFTP hosts. Ipswitch Analytics 2017 enables SLA and compliance reporting with new advanced data filters, and enhanced management of security keys, licenses and agents.

Additionally, Ipswitch Analytics provides new agents for Microsoft Exchange that extend IT teams’ visibility to include data transfers that occur through email.

This significantly enhances the organisation’s ability to assure regulatory compliance by providing first time visibility into an area of increasing concern – ad hoc file transmissions of sensitive data by employees. “With many organisations implementing security policies to restrict manual file transfers, IT teams need a flexible, IT-approved solution that provides the ease-of-use that today’s employees crave combined with the security IT teams demand for protection and compliance,” said Austin O’Malley, Chief Product Officer at Ipswitch. “Thousands of companies in some of the most data-sensitive industries are using MOVEit 2017 to better manage data exchange processes from a central console that is understandable and easy-to-use.”

Editions

To make it easier for IT teams to buy a solution that meets their exact requirements while increasing the value they receive from their investment, MOVEit Transfer 2017 and MOVEit Automation 2017 are offered in Standard, Professional and Premium editions. MOVEit Automation 2017 is also offered in an additional edition, Basic, which is ideal for small businesses. All MOVEit 2017 solutions – MOVEit Transfer, MOVEit Automation, Ipswitch Analytics and Ipswitch Gateway – are combined in the comprehensive MOVEit Complete package, which simplifies IT teams’ Managed File Transfer needs in Standard, Professional and Premium editions as well. MOVEit has been reliably and predictably transferring files for thousands of customers and millions of users across several vertical industries – including banking, financial services, insurance, healthcare and retail.

To learn more about MOVEit 2017, visit https://www.ipswitch.com/secure-information-and-file-transfer/moveit-mft-complete.

END

About Ipswitch

Today’s hard-working IT teams are relied upon to manage increasing complexity and deliver near-zero downtime.
Ipswitch IT and network management software helps them succeed by enabling secure control of business transactions, applications and infrastructure.
Ipswitch software is powerful, flexible and easy to try, buy and use.

The company’s software helps teams shine by delivering 24/7 performance and security across cloud, virtual and network environments.
Ipswitch Unified Infrastructure and Applications Monitoring software provides end-to-end insight, is extremely flexible and simple to deploy.

The company’s Information Security and Managed File Transfer solutions enable secure, automated and compliant business transactions and file transfers for millions of users.
Ipswitch powers more than 150,000 networks spanning 168 countries, and is based in Lexington, Mass., with offices throughout the U.S., Europe, Asia and Latin America.

For more information, please visit http://www.ipswitch.com/, or connect with us on LinkedIn and Twitter.

Media Contact: Rebecca Orr or Richard Wolfe, TOUCHDOWNPR, Office: +44 (0) 1252 717 040, ipswitch@touchdownpr.com
Up to half a million downloads clocked for one poison app.

More than 400 malicious apps from a single attacker have been successfully uploaded to the Google Play store, with one downloaded up to half a million times, Trend Micro malware researcher Echo Duan says. The malware is disguised as various games, phone boosters, and themes that when executed can compromise devices and connected networks, download additional payloads, and enslave handsets into botnets. Such malware is usually barred from the Google Play store thanks to security analysis checks Mountain View runs to determine apps that steal user data, spam with advertisements, or adversely impact privacy. The prolific authors who have created some 3000 variants of the DressCode malware have had a significant win in breaching Google's defences since apps hosted on the Play store are considered and marketed as safe. Duan says the malware attempts to gain a foothold on any networks the compromised handsets are connected to, making it a threat to enterprises and small businesses. This malware gives attackers an avenue into internal networks which compromised devices are connected to—a notable risk if the device is used to connect to company networks.

"If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard," Duan says. "With the growth of bring your own device programs, more enterprises are exposing themselves to risk via care-free employee mobile usage.

"[The installed SOCKS proxy] can be used to turn devices into bots and build a botnet."

DressCode and you. Image: Trend Micro.

Duan says the malicious code was a small fraction of the total app codebase making it "difficult" for Google to detect. One app offering a Grand Theft Auto theme for Minecraft clocked between 100,000 and 500,000 downloads according to Google Play's metric bands. Compromising modern Android handsets is increasingly difficult for regular malware players thanks to big leaps in defensive upgrades, but most phone users run old, unsupported, and dangerously exposed versions of the mobile operating system. Some 35 percent of Android users operate version five (Lollipop) of Google's platform released in 2014, while about 25 percent run ancient version 4.4 (Kitkat) published in 2013. Fewer than 10 percent run Android version six (Marshmallow) released last year and virtually no one other than owners of Nexus 6P devices sports version seven (Nougat) published last month. Outside of the Nexus line, handsets everywhere are locked into custom vendor ROMs and as such must rely on manufacturers to push through Google's security updates and patches. Trend Micro says it flagged some 16.6 million malware detections as of August, 40 per cent up on January figures. ®
Google Play was recently found to be hosting more than 400 apps that turned infected phones into listening posts that could siphon sensitive data out of the protected networks they connected to, security researchers said Thursday. One malicious app infected with the so-called DressCode malware had been downloaded from 100,000 to 500,000 times before it was removed from the Google-hosted marketplace, Trend Micro researchers said in a post. Known as Mod GTA 5 for Minecraft PE, it was disguised as a benign game, but included in the code was a component that established a persistent connection with an attacker-controlled server.

The server then had the ability to bypass so-called network address translation protections that shield individual devices inside a network.

Trend Micro has found 3,000 such apps in all, 400 of which were available through Play. "This malware allows threat actors to infiltrate a user's network environment," Thursday's report stated. "If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard." The report continued: The malware installs a SOCKS proxy on the device, building a general purpose tunnel that can control and give commands to the device.
It can be used to turn devices into bots and build a botnet, which is essentially a network of slave devices that can be used for a variety of schemes like distributed denial-of-service (DDoS) attacks—which have become an increasingly severe problem for organizations worldwide—or spam email campaigns.

The botnet can use the proxied IP addresses also generated by the malware to create fake traffic, disguise ad clicks, and generate revenue for the attackers. Google representatives didn't immediately respond to e-mail seeking comment for this post. Trend Micro's report comes three weeks after researchers from separate security firm Checkpoint said they detected 40 DressCode-infected apps in Google Play. Trend said that only a small portion of each malicious app contained the malicious functions, a feature that makes detection difficult.
In 2012, Google introduced a cloud-based security scanner called Bouncer that scours Play for malicious apps.
Since then, thousands of malicious apps have been detected by researchers.

This raises a question: if outside parties can find them, why can't Google find them first?