Ninite – Install and Update All Your Programs at Once

February 12, 2015 – 9:19 PM

I just recommended this to a Windows user out of sympathy and noticed that I’ve never actually blogged about it, so I would like you to meet Ninite (if you haven’t met already – it’s been around for a while now).

It’s simple to use and has a large selection of popular freeware and open source applications. Just choose the applications that you want to install, download the Ninite installer, then walk away and do something fun while it does all the work for you. The service installs the software with default settings and says “no” to any extra crapware (like browser toolbars) the installers might try to sneak in. Run the installer again later and it updates the applications to the latest versions for you. It supports both Windows and Linux.

Features (Ninite will):

  • start working as soon as you run it
  • not bother you with any choices or options
  • install apps in their default location
  • say no to toolbars or extra junk
  • install 64-bit apps on 64-bit machines
  • install apps in your PC’s language or one you choose
  • do all its work in the background
  • install the latest stable version of an app
  • skip up-to-date apps
  • skip any reboot requests from installers
  • use your proxy settings from Internet Explorer
  • download apps from each publisher’s official site
  • verify digital signatures or hashes before running anything

Site:
https://ninite.com/

Simplocker Android ransomware variant identified, tougher to decrypt files

February 10, 2015 – 5:50 PM

A new and improved variant of Simplocker ransomware for Android devices is currently being distributed, according to Avast.

When Simplocker was first identified in June 2014, it was considered possibly the first ransomware for Android devices that encrypts files. However, the encryption key was hardcoded inside the malware and was not unique for each device, meaning the so-called “master key” could simply be used to unlock any infected device without paying the ransom.

That is not the case anymore.

“This new variant has a more sophisticated way to encrypt the files inside the device,” Nikolaos Chrysaidos, Avast mobile malware analyst, told SCMagazine.com in a Tuesday email correspondence. “It generates a unique key for each device that it infects, making it more difficult to decrypt the files on each device.”

The latest variant of Simplocker infects users when they navigate to less-than-reputable websites and are alerted that they have to download a “Flash Player” to watch videos, a Wednesday post indicates. Once the app is installed and opened, the “Flash Player” requests administrator privileges that, when granted, activate the ransomware.
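
To make the key-management point concrete, here is an added illustration (not Avast’s analysis and not code from the malware): a stand-in cipher driven first by one hardcoded key, then by a fresh per-device key. The cipher is an HMAC-SHA256 counter keystream rather than the AES the real sample uses, the key bytes and the “JPEG” header check are constructed, and nothing on disk is touched. The lesson is the same: with one key baked into every copy, the key pulled out of a single APK is a universal decryptor; with a random key per infection it recovers nothing.

```python
"""Hardcoded key vs. per-device key: why the first Simplocker could be undone
with one "master key" while the new variant cannot.

Added illustration, not Avast's analysis or the malware's own code. The cipher
is a stand-in (HMAC-SHA256 counter keystream instead of AES); the key bytes
and the MAGIC header are constructed values.
"""
import hashlib
import hmac
import os

MAGIC = b"JPEG"  # constructed: a recognisable header used to validate a trial decryption

# v1: one key compiled into every copy of the malware (the "master key").
HARDCODED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed, not the real key


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same operation for a XOR stream cipher."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def encrypt_v1(plaintext: bytes) -> bytes:
    """Every infected device uses HARDCODED_KEY; blob = nonce || ciphertext."""
    nonce = os.urandom(8)
    return nonce + xor_crypt(HARDCODED_KEY, nonce, plaintext)


def new_device_key() -> bytes:
    """v2: a fresh random key per infection (held by the operator, not by the binary)."""
    return os.urandom(16)


def encrypt_v2(plaintext: bytes, device_key: bytes) -> bytes:
    nonce = os.urandom(8)
    return nonce + xor_crypt(device_key, nonce, plaintext)


def try_key(blob: bytes, key: bytes):
    """Decrypt with a candidate key; accept the result only if the plaintext
    looks right (here: starts with MAGIC). Returns the plaintext or None."""
    nonce, ciphertext = blob[:8], blob[8:]
    plaintext = xor_crypt(key, nonce, ciphertext)
    return plaintext if plaintext.startswith(MAGIC) else None


def universal_decrypt(blob: bytes):
    """What a v1 decryptor does: the constant extracted from the APK works for every victim."""
    return try_key(blob, HARDCODED_KEY)


def demo() -> dict:
    photo_a = MAGIC + b" device A photo"
    photo_b = MAGIC + b" device B photo"
    # v1: two devices, same embedded key -> one extracted key decrypts both.
    v1_ok = (universal_decrypt(encrypt_v1(photo_a)) == photo_a
             and universal_decrypt(encrypt_v1(photo_b)) == photo_b)
    # v2: per-device keys -> the extracted constant decrypts neither ...
    key_a, key_b = new_device_key(), new_device_key()
    blob_a, blob_b = encrypt_v2(photo_a, key_a), encrypt_v2(photo_b, key_b)
    v2_master_fails = universal_decrypt(blob_a) is None and universal_decrypt(blob_b) is None
    # ... device A's key is useless for device B's files ...
    cross_fails = try_key(blob_b, key_a) is None
    # ... and only the matching per-device key recovers the file.
    v2_own_key_ok = try_key(blob_b, key_b) == photo_b
    return {"v1_master_key_works": v1_ok, "v2_master_key_fails": v2_master_fails,
            "v2_cross_device_fails": cross_fails, "v2_own_key_works": v2_own_key_ok}


if __name__ == "__main__":
    print(demo())
```

The header check in `try_key` is what a real decryptor needs too: a wrong key never errors out on a stream cipher, it just yields garbage, so the tool has to recognise a correct result by the file format rather than by the absence of an exception.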

Source:
http://www.scmagazine.com/simplocker-variant-generates-unique-key-for-each-infected-device/article/397470/

DDoS malware for Linux systems comes with sophisticated custom-built rootkit

February 6, 2015 – 7:54 PM

A malware program designed for Linux systems, including embedded devices with ARM architecture, uses a sophisticated kernel rootkit that’s custom-built for each infection.

The malware, known as XOR.DDoS, was first spotted in September by security research outfit Malware Must Die. However, it has since evolved and new versions were seen in the wild as recently as Jan. 20, according to a new report Thursday from security firm FireEye, which analyzed the threat in detail.

XOR.DDoS is installed on targeted systems via SSH (Secure Shell) brute-force attacks launched primarily from Internet Protocol (IP) addresses registered to a Hong Kong-based company called Hee Thai Limited.

The attacks attempt to guess the password for the root account by using different dictionary-based techniques and password lists from past data breaches. FireEye observed well over 20,000 SSH login attempts per targeted server within a 24-hour period and more than 1 million per server between mid-November and end of January.

When the attackers manage to guess the root password they send a complex SSH remote command — sometimes over 6,000 characters long — that consists of multiple shell commands separated by semicolons. These commands download and execute various scripts as part of a sophisticated infection chain that relies on an on-demand malware building system.
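
The entry vector described above leaves a very recognisable trace in sshd’s log: a flood of failed root password attempts from one source, followed by an accepted root password login from that same source. The following is an added example of that detection logic, not FireEye’s tooling. The log lines are constructed (TEST-NET addresses, a host called web1) and the threshold is an assumed value to tune per host; FireEye’s figure of more than 20,000 attempts per server per day sits far above anything a threshold would miss.

```python
"""Spotting the XOR.DDoS entry vector in sshd logs: root password brute force
followed by a successful root password login from the same source.

Added example, not FireEye's detection logic. SAMPLE_LOG is constructed
(syslog lines in OpenSSH's format, TEST-NET addresses); the threshold is an
assumed value.
"""
import re
from collections import Counter

# Constructed sample of /var/log/auth.log.
SAMPLE_LOG = """\
Feb  3 01:12:01 web1 sshd[2201]: Failed password for root from 203.0.113.10 port 40122 ssh2
Feb  3 01:12:01 web1 sshd[2203]: Failed password for root from 203.0.113.10 port 40124 ssh2
Feb  3 01:12:02 web1 sshd[2205]: Failed password for root from 203.0.113.10 port 40126 ssh2
Feb  3 01:12:02 web1 sshd[2207]: Failed password for invalid user admin from 203.0.113.10 port 40128 ssh2
Feb  3 01:12:03 web1 sshd[2209]: Failed password for root from 203.0.113.10 port 40130 ssh2
Feb  3 01:12:04 web1 sshd[2211]: Accepted password for root from 203.0.113.10 port 40132 ssh2
Feb  3 01:15:40 web1 sshd[2250]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Feb  3 01:15:44 web1 sshd[2252]: Accepted publickey for alice from 198.51.100.7 port 51002 ssh2
Feb  3 01:20:00 web1 sshd[2300]: Failed password for root from 192.0.2.99 port 60000 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(log: str):
    """Yield (result, method, user, ip) for each sshd authentication line."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("method"), m.group("user"), m.group("ip")


def analyse(log: str, threshold: int = 4) -> dict:
    """Return brute-force sources and root password logins preceded by failures.

    threshold: failed password attempts from one IP before it is reported as
    a brute forcer (assumed value; tune per host).
    """
    failures = Counter()          # ip -> failed password attempts seen so far
    root_logins = []              # (ip, failures from that ip before the login)
    for result, method, user, ip in parse(log):
        if result == "Failed" and method == "password":
            failures[ip] += 1
        elif result == "Accepted" and method == "password" and user == "root":
            # A root login *by password* from a source that was just guessing is
            # the compromise signal: one of the guesses worked.
            root_logins.append((ip, failures[ip]))
    brute_forcers = sorted(ip for ip, n in failures.items() if n >= threshold)
    return {
        "brute_forcers": brute_forcers,
        "root_password_logins_after_failures": [(ip, n) for ip, n in root_logins if n > 0],
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(key, value)
```

In the sample, 203.0.113.10 is reported both as a brute forcer and as the source of a root password login after five failures; alice’s single typo and the lone attempt from 192.0.2.99 stay below the threshold. The cheaper fix is to make the second line impossible to log at all: `PermitRootLogin no` and `PasswordAuthentication no` in `sshd_config` remove the root-password vector XOR.DDoS depends on, and rate limiting of failed attempts cuts the dictionary attack short.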

Source:
http://www.csoonline.com/article/2881134/malware-cybercrime/ddos-malware-for-linux-systems-comes-with-sophisticated-custombuilt-rootkit.html#tk.rss_news

US health insurer Anthem suffers massive data breach

February 5, 2015 – 5:20 AM

Anthem, the second-largest health insurer in the United States, has suffered a data breach that may turn out to be the largest health care breach to date, as the compromised database holds records of some 80 million individuals.

Not much is known about how the attack was discovered, how it unfolded and who might be behind it, but the breach has been confirmed by the company’s CEO Joseph Swedish in a public statement, in which he says they were the victims of a “very sophisticated external cyber attack.”

“These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data,” he shared, and added that, as far as they can tell for now, “no credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.”

“Anthem’s own associates’ personal information – including my own – was accessed during this security breach,” he noted, and promised that they will notify each of the affected customers in writing (via a letter), and provide credit monitoring and identity protection services free of charge.

The breach impacted customers of all their product lines: Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare. But the final number of affected individuals is still to be determined.

Source:
http://www.net-security.org/secworld.php?id=17917

Serious bug in fully patched Internet Explorer puts user credentials at risk

February 4, 2015 – 5:46 AM

A vulnerability in fully patched versions of Internet Explorer allows attackers to steal login credentials and inject malicious content into users’ browsing sessions. Microsoft officials said they’re working on a fix for the bug, which has been shown to work against IE 11 running on both Windows 7 and 8.1.

The vulnerability is known as a universal cross-site scripting (XSS) bug. It allows attackers to bypass the same origin policy, a crucially important principle in Web application models that prevents one site from accessing or modifying browser cookies or other content set by any other site. A proof-of-concept exploit published in the past few days shows how websites can violate this rule when people use supported versions of Internet Explorer running the latest patches to visit maliciously crafted pages.

To demonstrate the attack, the demo injects the words “Hacked by Deusen” into the website of the Daily Mail. But it also could have stolen HTML-based data that the news site, or any other website, stores on visitors’ computers. That means it would be trivial for attackers to use it to steal the authentication cookies that many websites use to grant access to user accounts once a visitor has entered a user name and password. Once in possession of the cookie, an attacker could access the same restricted areas normally available only to the victim, including those with credit card data, browsing histories, and other confidential data. Phishers could also exploit the bug to trick people into divulging passwords for sensitive sites.
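
The rule the bug breaks is worth spelling out precisely, since “same origin” is narrower than “same site”. Below is an added model of the check (not the Deusen proof of concept and not browser code): an origin is the scheme, host and port triple, default ports count as present, host comparison is case-insensitive, and path, query and fragment are irrelevant. The cookie jar is constructed; the Daily Mail host is used only because the article mentions it. The model also carries the caveat a practitioner wants here: a cookie set with the HttpOnly flag is never exposed to script, so it survives a script-based theft even when the origin check itself has been bypassed, although the content-injection and phishing angles remain.

```python
"""The rule a universal XSS breaks: the same-origin policy, modelled in Python.

Added example, not the Deusen proof of concept or browser code. The cookie
jar below is constructed; sop_enforced=False models the effect of the IE bug.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str) -> tuple:
    """(scheme, host, port): the triple browsers compare. Path, query and
    fragment play no part; a missing port means the scheme's default."""
    u = urlsplit(url)
    if u.scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme in {url!r}")
    return (u.scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS[u.scheme])


def same_origin(a: str, b: str) -> bool:
    return origin(a) == origin(b)


# Constructed cookie jar keyed by origin. "sessionid" is the kind of value the
# article says an attacker would go after; it is marked HttpOnly, "prefs" is not.
COOKIE_JAR = {
    ("https", "www.dailymail.co.uk", 443): [
        {"name": "sessionid", "value": "c0ffee", "httponly": True},
        {"name": "prefs", "value": "uk", "httponly": False},
    ],
}


def script_readable_cookies(page_url: str, target_url: str, sop_enforced: bool = True) -> list:
    """Names of cookies a script running on page_url can read through
    document.cookie for target_url's origin.

    Two gates apply: the same-origin check (which the UXSS bug bypasses;
    sop_enforced=False models that) and the HttpOnly flag, which hides a
    cookie from script regardless of origin.
    """
    if sop_enforced and not same_origin(page_url, target_url):
        raise PermissionError("same-origin policy: cross-origin cookie access refused")
    return [c["name"] for c in COOKIE_JAR.get(origin(target_url), []) if not c["httponly"]]


if __name__ == "__main__":
    site = "https://www.dailymail.co.uk/news/"
    print(same_origin(site, "https://WWW.dailymail.co.uk:443/other?x=1"))  # True: same triple
    print(same_origin(site, "http://www.dailymail.co.uk/news/"))            # False: scheme differs
    print(same_origin(site, "https://dailymail.co.uk/"))                    # False: host differs
    print(script_readable_cookies(site, site))                              # ['prefs']
    print(script_readable_cookies("https://attacker.example/", site, sop_enforced=False))  # ['prefs']
```

With the check enforced, a page on attacker.example asking for the Daily Mail’s cookies gets a refusal; with it bypassed, the attacker page reads exactly what a Daily Mail page could, which is why the article’s cookie-theft scenario holds for any session cookie set without HttpOnly.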

Source:
http://arstechnica.com/security/2015/02/serious-bug-in-fully-patched-internet-explorer-puts-user-credentials-at-risk/