Fileless Attack Vector

  • skeeved's picture
  • Posted on: 13 June 2017
  • By: skeeved

A new malware vector, using a sophisticated fileless method of infecting machines, has been documented by Morphisec.

This new attack is targeting restaurants and begins with a phishing email containing an .rtf file attachment. When the attachment is opened and double-clicked a convoluted series of steps is taken:

Samsung Galaxy S8 Iris Scanner Hacked

  • skeeved's picture
  • Posted on: 24 May 2017
  • By: skeeved

Samsung's newest flagship phone, the Galaxy S8, comes with a new security feature that allows the phone to be unlocked using iris based authentication.

The feature has already been circumvented by printing a picture of the owner's face.

Recommendation: keep using the PIN to lock/unlock your phone.

http://news.softpedia.com/news/samsung-galaxy-s8-s-iris-scanner-hacked-w...

Jaff - Newest Ransomware Enters the Fray

  • skeeved's picture
  • Posted on: 12 May 2017
  • By: skeeved

The newest ransomware malware threat has begun appearing as massive numbers of emails spew from the Necurs botnet.

Jaff is currently being sent as a PDF attachment with an embedded Microsoft Word document. The Word document is launched when the PDF is opened by a JavaScript script in the PDF. Once the Word document is opened, a VBScript script is executed which begins the malware download.

As is usual with email distributed malware, end-user education goes a long way toward stopping this threat in it's tracks. There are a lot of hoops to jump through to become infected.

The French Election and How Macron's Campaign Thwarted the Hackers

  • skeeved's picture
  • Posted on: 10 May 2017
  • By: skeeved

Russian hacking and interference in other country's elections seems to be quite common place these days.

As reported by the New York Times (and others), French president-elect Emmanuel Macron's campaign staff became aware of attempts to sway the election by, among other things, a warning from the American NSA.

Pinlogger.js - Stealing PINs

  • skeeved's picture
  • Posted on: 19 April 2017
  • By: skeeved

Researchers have recently demonstrated a new technique for stealing sensitive information entered into browsers on mobile platforms, via javascript that can be inserted into a page, iframe or embedded ad.

In some cases, the attack can work even when the browser is running in the background. Success rates for guessing four digit PINs was 70.75% on the first attempt and 94.03% on the third attempt.

https://arxiv.org/abs/1605.05549

Pages