Tag Archive for: harder

Google backs Linux project to make Android, Chrome OS harder to hack


Google said Thursday it’s funding a project to increase Linux security by writing parts of the operating system’s core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones.




If the project succeeds, it’ll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that’s become foundational to Google’s Android and Chrome operating systems as well as vast swaths of the internet. 

Miguel Ojeda, who’s written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that’s also made it easier to secure website communications through the Let’s Encrypt effort.





Adding Rust modules to the Linux kernel would improve security by closing some avenues hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages.


Better security for Linux is good news for everyone but hackers. In addition to the Android and Chrome OSes, Google services like YouTube and Gmail all rely on servers running Linux. It also powers Amazon and Facebook, and is a fixture in cloud computing services.

It isn’t clear if Linux kernel leaders will accommodate Rust. Linus Torvalds, the founder of Linux, has said he’s open to change if Rust for Linux champions prove its worth. Ojeda has proposed 13 changes needed to allow Rust modules in Linux to get things started.

Google already has taken some early steps to make it possible to use Rust for Linux Android. Getting buy-in at the highest levels of the Linux kernel project means many other software projects could benefit, too.

Google credits the…

Source…

This malware has been rewritten in the Rust programming language to make it harder to spot


Phishing emails claiming to be from a delivery company are being used to deliver a new version of a form of malware which is used to deliver ransomware and other cyber attacks.

Buer malware first emerged in 2019 and is used by cyber criminals to gain a foothold on networks which they can exploit themselves, or to sell that access on to other attackers to deliver their own malware campaigns, most notably, ransomware attacks.

Now cybersecurity researchers at Proofpoint have uncovered a new variant of Buer which is written in an entirely different coding language to the original malware. It’s unusual for malware to be completely changed in this way, but it helps the new campaigns remain undetected in attacks against Windows systems.

The original Buer was written in the C programming language, while the new variant is written in the Rust programming language, leading researchers to name the new variant RustyBuer. “Rewriting the malware in Rust enables the threat actor to better evade existing Buer detection capabilities,” said Proofpoint.

RustyBuer is commonly delivered via phishing emails designed to look as if they come from delivery company DHL, asking the user to download a Microsoft Word or Excel document which supposedly details information about a scheduled delivery.


The delivery is in fact fake, but cyber criminals know that the Covid-19 pandemic has resulted in more people ordering more items online, so messages claiming to be from delivery companies have become a common trick to lure people into opening malicious messages and downloading harmful files.

In this instance, the malicious document asks users to enable macros – by asking them to enable editing – in order to allow the malware to run. The fake delivery notice claims that the user needs to do this because the document is ‘protected’ – even using the logos of several anti-virus providers in an effort to look more legitimate to the victim.

If macros are enabled, RustyBuer is delivered to the system, providing the attackers with a backdoor into the network and the ability to compromise victims with other…

Source…

Windows XP makes ransomware gangs work harder for their money



A recently created ransomware decryptor illustrates how threat actors have to support Windows XP, even though Microsoft dropped support for it seven years ago.

Windows XP reached its end of life on April 8th, 2014, and even though it no longer receives security updates, more people use XP than Windows Vista, according to StatCounter and BleepingComputer’s website visitor stats.

According to StatCounter, Windows XP is used by 0.84% of the people running Windows, doubling Windows Vista’s current usage.

Desktop Windows market share

Similar percentages are seen with BleepingComputer’s visitors, with Windows XP being more commonly used today than Windows Vista. Furthermore, we are not talking about one or two people using Windows XP, but many thousands still actively using the operating system to browse the web.

Why people are running such an old and insecure operating system is open to debate, but it could be due to legacy applications that they continue to use.

Ransomware gangs are stuck supporting Windows XP

If an organization uses Windows XP and a ransomware attack encrypts the device, it now falls on the threat actors to support the operating system if they want to get paid.

This was shown by a new Avaddon ransomware decryptor discovered by MalwareHunterTeam that is created specifically to decrypt Windows XP devices.

When we asked Emsisoft CTO and ransomware expert Fabian Wosar why a ransomware gang would create a dedicated Windows XP decryptor, we were told it is likely due to lack of support for the operating system in modern compilers.

“Visual Studio 2019 no longer can compile for Windows XP. They need to use Visual Studio 2017 and an old XP compiler to build for XP.”

“The problem is when you want the latest C++ features, you need a newer compiler. But the newest compiler versions won’t compile for XP.”

“So if your Crypto library you use for example uses C++17 features, you can’t build for XP at all, as there is no compiler targeting XP that has those features,” Wosar told BleepingComputer in a conversation.

Due to this, it is believed that the threat actors compile their normal decryptor on a new version of Visual Studio while using an older version of VC++ to support a…

Source…