
Searching for textbooks and essays in electronic form on the Internet exposes students to a wide range of malicious attacks, as Kaspersky Lab researchers found after analyzing data gathered over the past academic year. With the back-to-school season in full force and everyone looking around for the best possible price, some will end up trying their chances on the web instead of paying for educational materials out of their pocket. While this might look like a bargain at first, it also comes with a lot of dangers, seeing that attackers will try their best to infect your computer with malware downloaders that can download and execute banking Trojans and ransomware, or with worms capable of quickly spreading to all your contacts and all devices on your network. After taking a closer look at attacks using malicious documents with education-related filenames and directed at Kaspersky users, the researchers discovered that threat actors targeted potential victims from the educational field over 356,000 times in total over the past academic year. "Of these, 233,000 cases were malicious essays that were downloaded to computers owned by more than 74,000 people and that our solutions managed to block," found Kaspersky. "About a third of those files were textbooks: we detected 122,000 attacks by malware that was disguised as textbooks. More than 30,000 users tried to open these files." While the MediaGet downloader will only download and install an unneeded torrent client, the two other downloaders are capable of dropping a huge range of malware strains on the victims' computers, including but not limited to adware, crypto miners, spyware, banking Trojans, and, in the most serious cases, ransomware capable of encrypting all their data. Stalk, on the other hand, a worm Kaspersky detects as Worm.Win32.Stalk.a, also uses spam emails to reach its victims' computers and will immediately attempt to infect any connected USB flash devices and as many devices on the same network as possible.
In-depth details are posted on OUR FORUM.

Google is facing another internal crisis as employees demand answers from executives on how the company works with US immigration services. Workers have pressed management on whether the company will offer cloud services to Customs and Border Protection (CBP), concerned that their labor could be used to power Trump administration policies. But according to documents obtained by The Verge, similar deals are already in place that show how lucrative and lasting those agreements can be. In 2017, a third-party software provider reached a nearly $750,000 deal to provide a Google cloud service to US Citizenship and Immigration Services (USCIS), a branch of the Department of Homeland Security. The contract was obtained through a Freedom of Information Act request by the activist group Mijente, which has pushed back on tech companies working with US immigration agencies. The document does not directly mention Google, but the contract provides a two-year license for Apigee Edge Private Cloud, part of a Google service for managing APIs. The contract was signed in September 2017, suggesting the service is still in use. While USCIS is seen as the bureaucratic counterpart to agencies like Immigration and Customs Enforcement (ICE) and CBP, responsible for managing asylum claims and related duties, the agency isn’t without controversy. Earlier this month, after the announcement of a Trump administration policy that would make it more difficult for poorer immigrants to become American citizens, acting director Ken Cuccinelli suggested changing the sonnet etched on the Statue of Liberty to “give me your tired and your poor who can stand on their own two feet and who will not become a public charge.” Wanna know more, please visit OUR FORUM.

If there’s one thing that Microsoft mobile fans want, it’s a phone from Microsoft. Without Windows phones, there are few options. The Galaxy Note 10 and other Samsung flagships are obvious choices for a Microsoft-supported mobile in spirit. Yet, the desire is strong for a Microsoft Surface-like experience, albeit with Android. It’s an alluring fantasy, but a fantasy nonetheless. Microsoft’s previous mobile efforts have been met with disaster. Windows Mobile failed to take off, Windows Phone/Windows 10 Mobile died in the crib, and Windows RT was similarly unsuccessful. There’s a compelling school of thought that says, why doesn’t Microsoft do what others have? Why not adopt Android? Much like with its Surface Pro line, you’d be pairing powerful hardware with software that people actually want. You’d get Microsoft hardware and software support, along with access to Android and the Google Play Store (and the US government’s unlikely to rip it out of your hands as well post-purchase). It seems like a no-brainer, but it’s a lot more complicated than that. For Microsoft to be able to justify this thing (to users and bean counters both), it’s going to have to solve a unique problem that the market isn’t catering to at the moment. Microsoft’s brand alone is not enough to carry sales of a device. No, if Microsoft is releasing such a mobile phone, it would have to do so with a USP: a problem it intends to solve that’ll draw a niche it can build on, or else it’s just another Android phone. One route they could take is the camera. Aside from the reputation of Lumia, Microsoft was making cool camera apps like Blink and Qik even before the Nokia purchase. To learn more visit OUR FORUM.

Relatively new on the ransomware scene, Sodinokibi has already made impressive profits for its administrators and affiliates, some victims paying as much as $240,000, while a network infection netted $150,000 on average. These figures are not surprising when you look at the malware's recent activity. On August 16, Sodinokibi hit 22 local administrations in Texas and demanded a collective ransom of $2.5 million. It compromised multiple MSPs (managed service providers), spreading the malware to their customers. The latest victim is another MSP that offers data backup service to dental practices. The ransom, in this case, is allegedly $5,000 per client; hundreds were impacted. Since its discovery in April, Sodinokibi (a.k.a. REvil) has become prolific and quickly gained a reputation among cybercriminals in the ransomware business and security researchers. In mid-May, a Sodinokibi advertiser using the forum name UNKN deposited over $100,000 on underground forums to show that they meant serious business. Advertisements for the new file-encrypting malware started in early July on at least two forums. UNKN said that they were looking to expand their activity and that it was a private operation with "limited number of seats" available for experienced individuals. A screenshot of the announcement, provided to BleepingComputer by malware researcher Damian, shows that UNKN describes the malware as being "private ransomware" flexible enough to adapt to the RaaS business model. The name of the ransomware is not disclosed in the forum posts, but the researcher told us that he saw screenshots of the malware's administrative panel showing bot IDs that look the same as those for Sodinokibi. As seen in the screenshot below, one victim paid 27.7 bitcoins, which converted to more than $220,000 at the time of the transaction. Get deeper into this by visiting OUR FORUM.

A new Trojan dropper dubbed xHelper has been observed slowly but steadily spreading to more and more Android devices since May, with over 32,000 smartphones and tablets having been found infected in the last four months. Trojan droppers are tools used by threat actors to deliver other more dangerous malware strains to already compromised devices, including but not limited to clicker Trojans, banking Trojans, and ransomware. xHelper, dubbed Android/Trojan.Dropper.xHelper by the Malwarebytes Labs researchers who discovered it, was initially tagged as a generic Trojan dropper, only to be upgraded to the rank of a fully-fledged menace after climbing into the security vendor's top 10 most detected mobile malware in just a few months. Besides the large number of devices it was found on, xHelper also comes with a number of other peculiarities, including the fact that it spreads using DEX (Dalvik Executable) files camouflaged as JAR archives, containing compiled Android application code. This method of infecting new Android devices is quite unique given that most mobile Trojan droppers would use an APK (Android Package) bundled with an infected app, APKs which get subsequently dropped within the Assets folder and then installed and executed on the compromised smartphone or tablet. The encrypted DEX files used by xHelper as part of its infection process are first decrypted and then compiled using the dex2oat compiler tool into an ELF (Executable and Linkable Format) binary which gets executed natively by the device's processor. There's lots more posted on OUR FORUM.

The Dutch data protection agency has asked Microsoft’s lead privacy regulator in Europe to investigate ongoing concerns it has attached to how Windows 10 gathers user data. Back in 2017, the privacy watchdog found Microsoft’s platform to be in breach of local privacy laws on account of how it collects telemetry metadata. After some back and forth with the regulator, Microsoft made changes to how the software operates in April last year, and it was in the course of testing those changes that the Dutch agency found fresh reasons for concern, discovering what it calls in a press release “new, potentially unlawful, instances of personal data processing”. Since the agency’s investigation of Windows 10 started, a new privacy framework is being enforced in Europe, the General Data Protection Regulation (GDPR), which means Microsoft’s lead EU privacy regulator is the Irish Data Protection Commission (DPC), where its regional HQ is based. This is why the Dutch agency has referred its latest concerns to Ireland. It will now be up to the Irish DPC to investigate Windows 10, adding to its already hefty stack of open files on multiple tech giants’ cross-border data processing activities since the GDPR came into force last May. The regulation steps up the penalties that can be imposed for violations. A spokeswoman for the Irish DPC confirmed to TechCrunch that it received the Dutch agency’s concerns last month. “Since then the DPC has been liaising with the Dutch DPA to further this matter,” she added. “The DPC has had preliminary engagement with Microsoft and, with the assistance of the Dutch authority, we will shortly be engaging further with Microsoft to seek substantive responses on the concerns raised.” Continue reading at OUR FORUM.

 
