
NEWS - December 01, 2016

New Android Malware Campaign Grants Hackers Access to 1.3 Million Google Accounts

Attackers are leveraging a new malware campaign – dubbed Gooligan – to target Android devices and compromise users’ Google accounts, researchers unveiled on Thursday.

To date, the attackers have gained access to more than 1.3 million Google accounts with an additional 13,000 devices being breached each day, according to cybersecurity firm Check Point.

The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device, which includes devices running OS versions 4 (Ice Cream Sandwich, Jelly Bean, and KitKat) and 5 (Lollipop).

Continued: https://www.tripwire.com/state-of-security/latest-security-news/new-android-malware-campaign-grants-hackers-access-1-3-million-google-accounts/

Related:
Gooligan Malware Breaches 1 Million Google Accounts
https://threatpost.com/gooligan-malware-breaches-1-million-google-accounts/122195/
Gooligan hooligans have compromised at least one million Google accounts
https://www.grahamcluley.com/gooligan-hooligans-have-compromised-at-least-one-million-google-accounts/

Comments
Shamoon wiper malware returns with a vengeance

A new variant of Shamoon, the malware that wiped hard drives at Saudi Aramco and other energy companies in 2012, has struck multiple organizations in Saudi Arabia in a new campaign that researchers call a "carefully planned operation."

The new variant, which is almost identical to the version used in the 2012 attacks, has replaced the message it previously displayed—which included an image of a burning American flag—with the photo of the body of Alan Kurdi, the 3-year-old Syrian refugee boy who drowned as his family tried to cross from Turkey to Greece.

New versions of Shamoon, also known as Disttrack, have been detected by multiple information security companies, including McAfee, Symantec, Palo Alto Networks, and FireEye.

Continued: http://arstechnica.com/security/2016/12/shamoon-wiper-malware-returns-with-a-vengeance/

New Mirai Variant Targets Routers, Knocks 900,000 Offline

Attackers are targeting DSL routers this week with what’s being called a potent new variant of the Mirai malware that knocked offline major Internet companies like Twitter and Spotify last month. According to Germany’s Deutsche Telekom, 900,000 of its DSL router customers have already been targeted by attackers.

According to the telecommunications company, impacted customers are unable to connect to the Internet; phone and video services that rely on infected modems are inoperable as well.

Continued: https://threatpost.com/new-mirai-variant-targets-routers-knocks-900000-offline/122155/

Fatal flaws in 10 pacemakers make for Denial of Life attacks

A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims.

Eduard Marin and Dave Singelée, researchers with KU Leuven University, Belgium, began examining the pacemakers under black box testing conditions in which they had no prior knowledge or special access to the devices, and used commercial off-the-shelf equipment to break the proprietary communications protocols.

Continued: http://www.theregister.co.uk/2016/12/01/denial_of_life_attacks_on_pacemakers/

Related:
Under attack: How hackers could remotely target your pacemaker
https://www.tripwire.com/state-of-security/featured/under-attack-how-hackers-could-remotely-target-your-pacemaker/

Multifunctional "Proteus" Malware Emerges

A recently observed piece of multifunctional malware can be used to mine for crypto-currencies, log user keystrokes, and download additional malware onto compromised machines, Fortinet security researchers have discovered.

Dubbed Proteus, this threat has been written in .NET and is being distributed through the Andromeda botnet. The malware, Fortinet researchers say, can act as a proxy, but its authors can also use it as an e-commerce merchant account checker, coin miner, keylogger, and malware downloader.

Continued: http://www.securityweek.com/multifunctional-proteus-malware-emerges

PayPal Fixes Security Flaw Allowing Hackers to Steal OAuth Tokens

"Security researcher Antonio Sanso, who is also working as a software engineer at Adobe, discovered a critical security issue in PayPal that allows hackers to steal OAuth tokens that are being used in payment apps created by third-party developers."

In a blog posted a couple of days ago, Sanso explains that the issue might exist in some other websites too, as many more are using the secure authentication standard that exposed PayPal tokens, including here Facebook and Google.

Continued: http://news.softpedia.com/news/paypal-fixes-security-flaw-allowing-hackers-to-steal-oauth-tokens-510642.shtml

Related:
PayPal Fixes OAuth Token Leaking Vulnerability
https://threatpost.com/paypal-fixes-oauth-token-leaking-vulnerability/122136/

Bug Allows Activation Lock Bypass on iPhone, iPad

Researchers have found a bug that can be used to bypass Apple’s Activation Lock feature and gain access to the homescreen of locked iPhones and iPads running the latest version of iOS.

There seem to be at least two variations of the vulnerability – one of them works on iOS 10.1 and the second has also been reproduced on the latest 10.1.1 version of Apple’s mobile operating system.

Continued: http://www.securityweek.com/bug-allows-activation-lock-bypass-iphone-ipad

San Francisco Rail System Hacker Hacked

The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, “You are Hacked. ALL Data Encrypted.” Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location.

On Friday, The San Francisco Examiner reported that riders of SFMTA’s Municipal Rail or “Muni” system were greeted with handmade “Out of Service” and “Metro Free” signs on station ticket machines. The computer terminals at all Muni locations carried the “hacked” message: “Contact for key (cryptom27@yandex.com),” the message read.

Continued: https://krebsonsecurity.com/2016/11/san-francisco-rail-system-hacker-hacked/

Post was last edited on December 1, 2016 12:52 PM PST

'Avalanche' Global Fraud Ring Dismantled

In what’s being billed as an unprecedented global law enforcement response to cybercrime, federal investigators in the United States, United Kingdom and Europe today say they’ve dismantled a sprawling cybercrime machine known as “Avalanche” — a distributed, cloud-hosting network that for the past seven years has been rented out to fraudsters for use in launching countless malware and phishing attacks.

According to Europol, the action was the result of a four-year joint investigation between Europol, Eurojust, the FBI and authorities in the U.K. and Germany that culminated on Nov. 30, 2016 with the arrest of five individuals, the seizure of 39 Web servers, and the sidelining of more than 830,000 web domains used in the scheme.

Continued: https://krebsonsecurity.com/2016/12/avalanche-global-fraud-ring-dismantled/
