Tag Archive for: PCs

Hackers are using a 9-year-old flaw to break into PCs


Criminals and hackers will always exploit vulnerabilities, but software companies try to stay ahead of them.

A big problem is that malware is constantly being adapted to circumvent any security efforts. Companies like Microsoft and Google can only patch what they know about, and sometimes hackers circle around to exploit old vulnerabilities.

Keep reading to find out how malware is now attacking a flaw in Windows that Microsoft patched years ago.

Here’s the backstory

Malware can be designed to accomplish many things, with the most lucrative goal being to steal your banking details. A popular malware tool called ZLoader has been used in various cyberattacks for years.

Focused on banking, the malicious code is used to steal credentials and personal information through compromised documents, email attachments, and even Google ads. The attacks can also be converted into ransomware, where the victim needs to pay to have their files unlocked.  

Several patches and vulnerability fixes have been released against ZLoader in the past. But a new version of the malware is attacking a flaw that Microsoft patched in 2013.

Check Point Research detailed how the updated campaign uses a patched flaw in Microsoft’s digital signature verification system to bypass detection. To gain access to a system, hackers must trick a user into installing a real remote IT management tool called Atera.

But the dynamic-link library file (or .dll) of the tool has been compromised with ZLoader. Any computer will automatically check the file’s digital signature, but because of the vulnerability, the malware won’t be flagged. The file will get a clean bill of health from Windows Defender as it has Microsoft’s genuine signature attached.

What you can do about it

Check Point Research notes that 2,170 unique IP addresses have downloaded the compromised Atera file. The majority (864) is located in the U.S., while Canada has around 300 infections, and India has 140.

You would need…


The Best Cyber Monday Laptop Deals: HP, Chromebooks, Gaming Laptops, and PCs – The New York Times




Yubico Security C NFC is a cheap USB-C security key for phones and PCs


Yubico’s latest security key is the Security Key C NFC, a cheaper alternative to the company’s existing YubiKey 5C NFC. The new product enables users to easily secure their Android smartphone, iPhone, or computer running Windows 10 using a physical key that makes it much harder for hackers to infiltrate an account.

The new Yubico Security Key C NFC features both USB-C and NFC, making it compatible with the majority of phones and PCs on the market. This new model, which is priced at $29 USD, supports FIDO U2F and FIDO2.

The security key can be used with a variety of popular online services and software, including YouTube, Dropbox, Brave, Edge browser, Facebook, Twitter, Coinbase, Google accounts, Microsoft accounts, and more. Interested consumers can explore the platforms that support Yubico’s Security line of keys on its website.

As with other security keys from Yubico and competitors, the Security Key C NFC features a design similar to a slim thumb drive, including a hole for attaching it to a keychain. The device also sports a fiberglass-reinforced body for durability. The big benefit here is the NFC support in addition to USB-C, enabling users to authenticate logins by tapping the security key to the back of the device.

The Yubico Security Key C NFC is priced at $29 USD for a single unit, while multi-packs are also available up to a tray of 50 keys. The security key should meet the needs of the average consumer, though business professionals and others who need additional protocol support can turn to the $50 YubiKey 5 Series, which includes support for things like Smart Card, OpenPGP 3, and more.


A Mystery Malware Stole 26 Million Passwords From Windows PCs


Researchers have discovered yet another massive trove of sensitive data, a dizzying 1.2 TB database containing login credentials, browser cookies, autofill data, and payment information extracted by malware that has yet to be identified.

In all, researchers from NordLocker said on Wednesday, the database contained 26 million login credentials, 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files. In some cases, victims stored passwords in text files created with the Notepad application.

The stash also included over 1 million images and more than 650,000 Word and PDF files. Additionally, the malware made a screenshot after it infected the computer and took a picture using the device’s webcam. Stolen data also came from apps for messaging, email, gaming, and file-sharing. The data was extracted between 2018 and 2020 from more than 3 million PCs.

The discovery comes amid an epidemic of security breaches involving ransomware and other types of malware hitting large companies. In some cases, including the May ransomware attack on Colonial Pipeline, hackers first gained access using compromised accounts. Many such credentials are available for sale online.

Alon Gal, cofounder and CTO of security firm Hudson Rock, said that such data is often first collected by stealer malware installed by an attacker attempting to steal cryptocurrency or commit a similar type of crime.

The attacker “will likely then try to steal cryptocurrencies, and once he is done with the information, he will sell to groups whose expertise is ransomware, data breaches, and corporate espionage,” Gal told me. “These stealers are capturing browser passwords, cookies, files, and much more and sending it to the [command and control server] of the attacker.”

NordLocker researchers said there’s no shortage of sources for attackers to secure such information.

“The truth is, anyone can get their hands on custom malware,” the researchers wrote. “It’s cheap, customizable, and can be…
