Hackers are distributing a newly discovered form of trojan malware that offers full access to infected Windows PCs.Dubbed FlawedAmmyy, the malware is built on top of leaked source code for a legitimate app, Version 3 of Ammyy Admin remote desktop software, and enables attackers to secretly snoop on those duped into installing it.The RAT (remote access trojan) is capable of complete remote desktop control, providing hackers with full access to the system and the opportunity to steal files, credentials, and more. The malware also has the potential to abuse audio chat.While those behind FlawedAmmyy attempt to deliver it in bulk using massive phishing campaigns, they’re also engaging in narrower campaigns targeting specific sectors, with attacks focused on the automotive industry, among others. This campaign to infect PCs with FlawedAmmyy was active just days ago.
Daily Archives: March 14, 2018
Chunky, black boxes, barely portable or lumped onto a desk, have been the standard design for corporate computers for decades. They’ve never been the fastest, or easiest to use devices in the world, and without jumping through some technical hoops, there’s often no easy way to access company files outside of the office. Samsung might have an answer.Since around the time of the launch of iPhone over a decade ago, employees started asking their IT departments if they could get their work emails on their personal smartphones, eschewing BlackBerries or other devices they’d been given by their companies. This led to the “bring your own device” policy, with many people now preferring to check emails and work on their own devices. But these machines often aren’t as secure as IT departments would like them to be, and in some cases, still can’t access some of the software that employees need on their work devices.
Over the last eight or nine years, of all the successful data exfiltrations and breaches that have hit the federal government and private industry, about 90 percent of them were the result of spear-phishing campaigns that targeted unsuspecting employees.That’s according to William Evanina, director of the National Counterintelligence and Security Center within the Office of the Director of National Intelligence.”Until we clean that up, our adversaries need not get sophisticated with their intrusion apparatus,” Evanina said during a keynote address on March 8 at a MeriTalk-hosted event, “Cyber Convergence: Security, the Cloud and Your Data.”
“As American citizens, we have an unbelievable inability not to click on a link,” he said, joking that any company that can absolutely prevent users from clicking on authorized links or opening unauthorized attachments would make a fortune.On that front, agencies need to make progress. A Department of Homeland Security spokesperson told CyberScoop this week that more than two-thirds of agencies have adopted DMARC, which stands for Domain-based Message Authentication, Reporting and Conformance. DHS mandated that, by Jan. 15, all agencies adopt some form of the protocol to prevent email spoofing, which can then be used in phishing campaigns to get users to click on links that will load malware. DMARC, DHS notes, gives agencies the “strongest protection against spoofed email, ensuring that unauthenticated messages are rejected at the mail server, even before delivery.”More broadly, Evanina argued, agencies and IT security leaders need to be willing to enhance cybersecurity protections at the expense of sacrificing some mission capabilities. Without that security, agencies will see their brands eroded, and with that, their value. IT leaders also need to develop crisis security plans and practice them regularly, he said.
Veteran journalist Bob Woodward criticized reporters on the right and left alike who were becoming too emotionally invested in their coverage of Donald Trump, calling them “unhinged.””You’ve described the Trump presidency as being a “test” for the news media. Do you think the media is failing the test?” asked Newsweek.The former Washington Post reporter—now an associate editor—responded journalists could always do better, including himself, but that he thought the media had not “failed” to date.”But we have a lot of work to do,” he continued. “A number of reporters have at times become emotionally unhinged about it all, one way or the other.””Look at MSNBC or Fox News, and you will see those continually either denigrating Trump or praising him. I think the answer is in the middle, and in this class I talk about how it’s important to get your personal politics out,” Woodward went on.”It’s destructive to become too politicized. The emotion should be directed at doing more work, not some feeling or personal conclusion.”Woodward has leveled similar criticisms in the past, including during a January CNN hit alongside his former Watergate reporter Carl Bernstein.”In lots of reporting, particularly on television, commentary, there’s kind of self-righteousness and smugness, and people kind of ridiculing the president,” Woodward said. “When we reported on Nixon, it was obviously a very different era, but we did not adopt a tone of ridicule. The tone was, ‘what are the facts?'”
The internet is full of bad things: malware, phishing attacks, nefarious ads. And parents are loathe to let their kids surf, thanks to rampant online piracy and pornography.Comcast’s Xfinity broadband internet service has solution for all of that. It’s called ‘Protected Browsing,’ and it promises to block the bad stuff.The only problem is that a lot of good stuff is getting caught in Xfinity’s protective web. Like Paypal and gaming hub Steam, both of which were recently deemed threats by the Xfinity ‘Protected Browsing’ feature. The discovery highlights the extreme power that ISPs like Comcast wield over every site and service online, a power that may soon be exploited with net neutrality laws repealed.+ Oregon to Become the Second U.S. State to Pass a Net Neutrality LawThe issue was first reported by Torrentfreak, which ironically found itself blocked by ‘Protected Browser’. Torrentfreak reports on developments in the torrenting and piracy space, including heavy coverage of enforcement, litigation, and latest innovations.