The Friday Tech Takeaway - 22.09.17

Are ISPs helping hackers to infect you? Are you sure the version of WhatsApp, or Skype, or VLC Player installed on your device is legitimate? Security researchers have discovered that legitimate downloads of several popular applications, including WhatsApp, Skype, VLC Player and WinRAR, have reportedly been compromised at the ISP level to distribute the infamous FinFisher spyware, also known as FinSpy.

SEC announces it was hacked, information may have been used for insider trading: The top U.S. markets regulator, the SEC, announced a security breach; the accessed data might have been used by crooks for insider trading. The U.S. Securities and Exchange Commission (SEC) announced that cyber criminals had breached its database of corporate announcements in 2016 and have likely used it for insider trading.

On Wednesday, SEC Chairman Jay Clayton released a “statement on cybersecurity” that reported a 2016 security breach of its EDGAR system. The Securities and Exchange Commission’s EDGAR filing system is a platform that houses detailed financial reports on publicly traded companies, including quarterly earnings and statements on acquisitions.

CCleaner Malware Infects Big Tech Companies With Second Backdoor: The group of unknown hackers who hijacked CCleaner's download server to distribute a malicious version of the popular system optimization software targeted at least 20 major international technology companies with a second-stage payload. Earlier this week, when the CCleaner hack was reported, researchers assured users that no second-stage malware was used in the massive attack and that affected users could simply update their version to get rid of the malicious software.

However, during the analysis of the hackers' command-and-control (C2) server to which the malicious CCleaner versions connected, security researchers from Cisco's Talos Group found evidence of a second payload (GeeSetup_x86.dll, a lightweight backdoor module) that was delivered to a specific list of computers based on local domain names.

Underground Hacking Forum Admins Having Second Thoughts About Selling Ransomware: Administrators of various underground hacking forums hosted on both the public Internet and the Dark Web are having serious discussions about the "good idea" of allowing the sale of ransomware via their platforms. According to research by threat intelligence firms Anomali and Flashpoint, several such discussions have taken place on these forums since the start of 2016, and the topic has come up again and again.

Hacker Can Steal Data from Air-Gapped Computers Using IR CCTV Cameras: Air-gapped computers that are isolated from the Internet and physically separated from local networks are believed to be the most secure computers around. However, these networks have been a regular target in recent years for researchers, who have been trying to demonstrate every possible attack scenario.

Security researchers from Ben-Gurion University in Israel have previously demonstrated several ways to extract sensitive information from air-gapped computers. Now, researchers from the same university have discovered another way to steal confidential information from air-gapped computers – this time with the help of infrared-equipped CCTV cameras that are used for night vision.

22 September 2017
