Sep 30 2016

More than 400 malicious apps infiltrate Google Play

Enlarge (credit: Curious Expeditions)

Google Play was recently found to be hosting more than 400 apps that turned infected phones into listening posts that could siphon sensitive data out of the protected networks they connected to, security researchers said Thursday.

One malicious app infected with the so-called DressCode malware had been downloaded from 100,000 to 500,000 times before it was removed from the Google-hosted marketplace, Trend Micro researchers said in a post. Known as Mod GTA 5 for Minecraft PE, it was disguised as a benign game, but included in the code was a component that established a persistent connection with an attacker controlled server. The server then had the ability to bypass so-called network address translation protections that shield individual devices inside a network. Trend Micro has found 3,000 such apps in all, 400 of which were available through Play.

"This malware allows threat actors to infiltrate a user's network environment," Thursday's report stated. "If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard."

Read 4 remaining paragraphs | Comments

Sep 30 2016

Google Releases Security Update for Chrome

Original release date: September 30, 2016

Google has released Chrome version 53.0.2785.143 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


Sep 30 2016

mimikittenz – Extract Plain-Text Passwords From Memory

mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes. The aim of mimikittenz is to provide user-level (non-admin privileged) sensitive data extraction in order to maximise post exploitation efforts and increase value of...

Read the full post at darknet.org.uk
Sep 29 2016

Sharing Cybersecurity Threat Intelligence Is the Only Way We Win

threat-intel-sharing

Cybersecurity is a team sport. The bad guys share information, expertise, and code as they help one another. The good guys must do the same to keep pace. Sharing threat intelligence is a key aspect in which the knowledge gained by the owners of sensor networks can share data with the security analysis community.  This generosity provides the necessary breadth of data to understand trends, new infections, how botnets are communicating, whether directed targeting is occurring, and even if different attackers are collaborating.

Sadly, sharing is not the norm. Many security companies look at this data as a competitive advantage to sell their products and services. They keep it to themselves in hopes they can find a nugget and market it as a way to win new customers. But the cost of this approach is losing the bigger picture of overall effectiveness.

This attitude is slowly changing. Some security firms are stepping up and sharing more and more data, redacted from personal information and containing only attack characteristics. The combined aspects are like pieces of a massive puzzle that analysts can examine for trends. These puzzle pieces are hugely important to everyone.

I am glad to see major security vendors and researchers beginning to share insights and data. Consortiums such as the Cyber Threat Alliance and sites like VirusTotal lead the way.
cyber-threat-allianceThe Information Sharing and Analysis Organization (ISAO), established as part of a US presidential order in 2015, is developing voluntary standards for private and public data sharing.

But we need more sharing! Attacks are occurring at a phenomenal rate. Malware alone is out of control, with about 44,000 unique samples discovered every day. Security organizations must leverage each other’s information to better predict, prevent, detect, and respond to threats that their customers and organizations face.

The battle that should be fought is not between security vendors, but rather between the threats and collective defensive organizations which stand between attackers and their victims. We must work together to stem the tide of cyberattacks. Public sentiment is very important. If we want our technology to be safe, we must send a clear message to our security vendors. Share threat data or we will patronize a different supplier of security products and services. We have a voice and a vote (with our wallets).

 

Interested in more?  Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

My original post of this blog can be found on DarkReading.

The post Sharing Cybersecurity Threat Intelligence Is the Only Way We Win appeared first on McAfee.