Search Results for “Danny Palmer”


May 27, 2020
Danny Palmer / ZDNet

Attacks on Corporate Cloud Services Soared 630% Early This Year as Cybercriminals Sought to Exploit Remote Working

Cyberattacks targeting corporate cloud services increased by 630 percent between January and April of this year as cybercriminals look to exploit the rise in remote working to gain access to corporate accounts, McAfee said in its recent Cloud Adoption & Risk Report. In most cases these attempts to break into cloud accounts are brute-force attacks, with attackers trying common or simple passwords. The attacks fall into two broad categories: excessive usage from an anomalous location, and what the researchers call ‘suspicious superhuman’ activity, meaning multiple login attempts in a short period from locations so far apart that no one person could have travelled between them in the time available.
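The two patterns above translate directly into detection rules over an authentication log. The Python below is an added illustration, not McAfee's detection code: it runs over a constructed sample log (the coordinates stand in for the geo-IP lookup a real pipeline would do), flags a ‘superhuman’ login when two consecutive successful logins for one account imply a travel speed above what a passenger jet manages, and flags a source IP as brute-forcing when it accumulates a threshold of failed logins within a short window across any accounts, which is how password spraying looks. The speed, distance and count thresholds are assumptions to tune per environment.

```python
"""Login-anomaly detection over a constructed authentication log.
Added illustration for the patterns described above; not McAfee's code."""
import csv
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from io import StringIO
from math import asin, cos, radians, sin, sqrt

# Constructed sample log: timestamp,user,src_ip,lat,lon,result.
# The coordinates stand in for the geo-IP lookup a real pipeline would do.
SAMPLE_LOG = """\
2020-03-02T09:00:00Z,alice,203.0.113.5,51.5074,-0.1278,success
2020-03-02T09:20:00Z,alice,198.51.100.7,40.7128,-74.0060,success
2020-03-02T13:00:00Z,bob,192.0.2.9,48.8566,2.3522,success
2020-03-02T15:30:00Z,bob,192.0.2.9,50.1109,8.6821,success
2020-03-02T10:00:00Z,carol,203.0.113.77,52.5200,13.4050,failure
2020-03-02T10:00:30Z,dave,203.0.113.77,52.5200,13.4050,failure
2020-03-02T10:01:00Z,erin,203.0.113.77,52.5200,13.4050,failure
2020-03-02T10:01:30Z,frank,203.0.113.77,52.5200,13.4050,failure
2020-03-02T10:02:00Z,grace,203.0.113.77,52.5200,13.4050,failure
2020-03-02T10:02:30Z,heidi,203.0.113.77,52.5200,13.4050,failure
2020-03-02T11:00:00Z,bob,192.0.2.44,48.8566,2.3522,failure
"""


def parse_log(text):
    """Parse the CSV log into dicts; 'ok' is True for a successful login."""
    events = []
    for ts, user, ip, lat, lon, result in csv.reader(StringIO(text)):
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"when": when, "user": user, "ip": ip,
                       "lat": float(lat), "lon": float(lon),
                       "ok": result == "success"})
    return events


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def superhuman_logins(events, max_speed_kmh=900.0, min_distance_km=500.0):
    """'Suspicious superhuman': consecutive successful logins for one account
    whose implied travel speed exceeds what a passenger jet manages.
    min_distance_km suppresses noise from geo-IP imprecision within a region.
    Both thresholds are assumed values for this demo."""
    per_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["when"]):
        if e["ok"]:
            per_user[e["user"]].append(e)
    findings = []
    for user, evs in per_user.items():
        for prev, cur in zip(evs, evs[1:]):
            dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if dist < min_distance_km:
                continue
            hours = (cur["when"] - prev["when"]).total_seconds() / 3600
            speed = dist / hours if hours > 0 else float("inf")
            if speed > max_speed_kmh:
                findings.append({"user": user, "from_ip": prev["ip"], "to_ip": cur["ip"],
                                 "km": round(dist), "kmh": round(speed)})
    return findings


def brute_force_sources(events, window=timedelta(minutes=5), threshold=5):
    """Source IPs with at least `threshold` failed logins inside any `window`.
    Counting per source rather than per account catches password spraying,
    where every account sees only one or two failures."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda e: e["when"]):
        if not e["ok"]:
            failures[e["ip"]].append(e["when"])
    flagged = {}
    for ip, times in failures.items():
        start, best = 0, 0
        for end, t in enumerate(times):          # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for f in superhuman_logins(evs):
        print("superhuman login:", f)
    print("brute-force sources:", brute_force_sources(evs))
```

In the sample, alice's London-to-New-York pair twenty minutes apart is flagged, bob's Paris-to-Frankfurt pair is not (under the distance floor), and the single source that fails against six different accounts in under three minutes is reported even though no one account saw more than one failure.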

Related: BusinessLine – Home, Network World Security, ZDNet UK, Times of India, Hindu Businessline, TechCentral.ie, CSO Online, ITProPortal, TechRepublic, DGIndia, Business Wire Technology News


May 12, 2020
Andy Greenberg / Wired

WannaCry Hero Marcus Hutchins Reveals the Backstory to His Arrest by the FBI for Helping to Develop the Kronos Banking Trojan

In a highly personal, detailed, and revelatory backstory, WannaCry hero Marcus Hutchins, also known as MalwareTechBlog, tells the tale of how at a young age he became involved in the development of the Kronos banking trojan, for which he was arrested by the FBI immediately following DEF CON in 2017. Hutchins walks through his childhood and family life to describe his precocious interest in and talent for digital and computer technology. He also discusses his early involvement in dark web forums and marketplaces, where he gained access to illegal drugs, including amphetamines. Fueled by the stimulants and consumed by long hours of software and minor malware development, Hutchins got ensnared into deeper and deeper involvement with the developer of the Kronos banking malware and divulged more personal details with him – and another online contact – than he should have. Those divulgences ultimately led to his arrest in Las Vegas.

Tweets:@a_greenberg @malwaretechblog @malwaretechblog @nxthompson @dannyjpalmer @martijn_grooten @gsuberland @bobmcmillan @evacide @malwarejake @malwaretechblog

@a_greenberg: Three years ago today, Marcus Hutchins stopped WannaCry, an $8 billion cyberattack. Then the FBI arrested him. Today we're publishing a 14,000-word cover story that finally tells his full, untold tale, from 15yo criminal to hero to convict to redemption.
@malwaretechblog: Ok, here we go.
@malwaretechblog: This is something I've wanted to do for a long time. I felt it better to share the full unadulterated story, and let people make up their own minds. It meant discussing a lot of uncomfortable facts about my past, but I want the story not to be some airbrushed half-truth.
@nxthompson: Three years ago, Marcus Hutchins saved the internet when he stopped WannaCry, one of the worst cyberattacks in history. But then the FBI mysteriously arrested him. Why? Here's the incredible story of his life, from criminal to hero to convict to ...
@dannyjpalmer: It's three years ago today the world was hit by WannaCry ransomware - and the NHS was one of the major casualties. Here's what was the first of my many reports on the attack - which back then we were still referring to as 'WannaCrypt' https://zdnet.com/article/hospitals-across-england-hit-by-cyber-attack-systems-knocked-offline/ via @ZDNet
@martijn_grooten: This is such a well-written and important piece. FWIW, I am quoted as saying (in July 2017): "I can vouch for Marcus being a really nice guy and also for having strong ethics". I explicitly did not make any claims about his innocence. I would still vouch for him today.
@gsuberland: @MalwareTechBlog Hey, just thought I'd say that I would've put in for your legal defence funds regardless of whether or not you'd actually done what they accused you of. Nobody deserves to go through the US legal system without the means to traverse it fairly.
@bobmcmillan: This is a very good story. Classic @a_greenberg One thing that I've always wondered is why did the FBI pursue this case? Often they will flip a suspect in exchange for intel, but in this case, Hutchins was already providing law enforcement with valuable info. Why stop that?
@evacide: When I start to lose faith in humanity, I remember that @tarah put up her entire Symantec severance and dashed barefoot across Vegas to bail out @MalwareTechBlog, whom she had barely met.
@malwarejake: I've said it before and I'll say it again: @deviantollam and @tarah are outstanding human beings. This story from @a_greenberg highlights their selfless acts in helping @MalwareTechBlog through his legal ordeal. Outstanding article, outstanding humans.
@malwaretechblog: Article doesn't go into legal strategy, but @marciahofmann, @brianeklein & Dan Stiller were incredible. Not only did they support my decision to reject deal, but also got my aggravated felony charges dropped (these would have resulted in a permanent ban from entering the US).


April 21, 2020
Danny Palmer / ZDNet

All-Purpose Trickbot Malware Now Delivered Via Fake COVID-19 Medical Advice Emails From Volunteer and Humanitarian Groups

The gang behind the Trickbot malware sent out hundreds of emails purporting to offer COVID-19 medical advice and testing, each carrying a unique macro-laced malicious document attachment that installs Trickbot when the macro runs, researchers at Microsoft Security Intelligence warn. The phishing emails claim to come from volunteer and humanitarian groups offering COVID-19 testing. Although it started as a banking Trojan, Trickbot has evolved into an all-purpose delivery platform capable of dropping keyloggers, other trojans, and ransomware onto compromised computers, and of maintaining persistence on infected machines. It can also move laterally across networks by exploiting the EternalBlue SMB vulnerability, and operates with botnet-like capabilities to spread infections further.
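A first triage step for ‘macro-laced’ attachments of the kind described above is to check whether an Office file actually carries a VBA project. The Python below is an added example, not code from Microsoft or ZDNet: in the Office Open XML formats a macro lives in a vbaProject.bin part and is declared in [Content_Types].xml, so both are checked; legacy OLE2 (.doc/.xls) files are only identified as such and should go to a full parser such as oletools' olevba. The make_sample helper builds minimal constructed containers for the demonstration; they are not real Word output.

```python
"""Does an Office file carry a VBA project?  Added triage example for the
macro-laced attachments described above; not Microsoft's or ZDNet's code."""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"      # legacy .doc/.xls compound file
ZIP_MAGIC = b"PK\x03\x04"                              # OOXML is a zip container
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def inspect_office_file(data: bytes) -> dict:
    """Classify the container and look for a VBA project.
    OOXML (.docx/.docm/.xlsm/.pptm) stores macros in a vbaProject.bin part
    and declares that part in [Content_Types].xml; both are reported."""
    empty = {"container": "unknown", "vba_parts": [], "declared_vba": False}
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: VBA sits inside OLE2 streams.  This check only
        # identifies the container; hand such files to a full parser (olevba).
        return dict(empty, container="ole2")
    if not data.startswith(ZIP_MAGIC):
        return empty
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
            declared = False
            if "[Content_Types].xml" in names:
                types_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                declared = VBA_CONTENT_TYPE in types_xml
    except zipfile.BadZipFile:
        return empty
    return {"container": "ooxml", "vba_parts": vba_parts, "declared_vba": declared}


def is_macro_laced(data: bytes) -> bool:
    """True for an OOXML file that carries or declares a VBA project.
    Either signal alone is enough to pull the attachment for analysis."""
    r = inspect_office_file(data)
    return r["container"] == "ooxml" and (bool(r["vba_parts"]) or r["declared_vba"])


def make_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container for the demo (not real Word output)."""
    overrides = ['<Override PartName="/word/document.xml" ContentType='
                 '"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>']
    if with_macro:
        overrides.append('<Override PartName="/word/vbaProject.bin" ContentType="%s"/>'
                         % VBA_CONTENT_TYPE)
    content_types = ('<?xml version="1.0" encoding="UTF-8"?>'
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                     + "".join(overrides) + "</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes with the OLE2 magic; not a real VBA project.
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 56)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("benign", make_sample(False)), ("macro", make_sample(True))):
        print(label, inspect_office_file(blob), "macro-laced:", is_macro_laced(blob))
```

The presence check is deliberately cheap and extension-agnostic: a renamed attachment is still a zip with a vbaProject.bin part inside, and a mail gateway can apply it to every Office attachment before any content analysis.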

Related: CISO MAG, ZDNet, Newslocker, Infosecurity Magazine, HotHardware.com, DataBreachToday.com

Tweets:@MsftSecIntel


July 19, 2019
Danny Palmer / ZDNet

Chinese APT Group Ke3chang Is Targeting Diplomats and Government Offices in Europe, Central and South America With New Backdoor Okrum

An elusive advanced persistent threat (APT) group thought to be operating out of China and tracked as Ke3chang (also known as Vixen Panda, Royal APT, Playful Dragon, and APT15) is using a previously unreported backdoor, dubbed Okrum, in a malware campaign targeting diplomats and government departments around the world, researchers at ESET report. The group is using an updated version of its Ketrican malware alongside the new backdoor against diplomatic bodies and other government institutions in countries across Europe and Central and South America. Okrum can grant itself full administrator privileges and collects information about the infected machine, such as computer name, username, host IP address and the installed operating system.

Related: Threatpost, BleepingComputer.com, We Live Security, The Register – Security, Infosecurity Magazine, Cyberscoop, SC Magazine

Tweets:@dannyjpalmer


June 1, 2019
Danny Palmer / ZDNet

Over 2.3 Billion Business Files Found Exposed Online, Up 50% Year-over-Year, Medical Imaging File Exposures Doubled

Over 2.3 billion files exposed across SMB-enabled file shares, misconfigured network-attached storage (NAS) devices, File Transfer Protocol (FTP) and rsync servers, and Amazon S3 buckets were discovered by researchers at Digital Shadows. That is 750 million more files, a 50% increase, than the 1.5 billion found by Digital Shadows’ Photon research team in its previous analysis of the issue early last year. Among the exposed files were 4.7 million medical-related files, the majority of them (4.4 million) DICOM (DCM) medical imaging files, double last year’s figure.

Related: TechRepublic, IT Pro, SC Magazine, Security Magazine, Infosecurity Magazine, Digital Shadows, We Live Security, CTOvision.com, Forbes, OODA Loop, SecurityWeek


May 9, 2019
Danny Palmer / ZDNet

Dharma Ransomware Now Embeds Itself Inside Fake Antivirus Software Installation

Constantly evolving Dharma ransomware, which has been plaguing organizations since 2016, has added a new means of deploying itself by bundling itself inside a fake antivirus software installation, researchers at Trend Micro report. Under the new technique, Dharma still arrives via phishing emails, but this time the messages claim to be from Microsoft, saying the victim’s Windows PC is ‘at risk’ and ‘corrupted’ following ‘unusual behavior’ and urging the user to ‘update and verify’ their antivirus by following a download link. If the user follows through, the download installs the ransomware payload alongside an old version of antivirus software from the security company ESET, which gives the installation a legitimate appearance.

July 3, 2019
Danny Palmer / ZDNet

Satellite-Based Control Systems Are Vulnerable to Attacks That Could Potentially Wreak Havoc on Strategic Weapons Systems, Chatham House

NATO and its member countries need to urgently address the cybersecurity of space-based satellite control systems, because they are vulnerable to cyberattacks that, if left unaddressed, could have severe consequences for global security, according to a new paper from the think tank Chatham House. One means of attack the paper discusses is GPS spoofing, in which an attacker intercepts and manipulates positioning data to feed false information to troops, allowing the attacker to re-route the movement of forces and potentially wreak havoc on strategic weapons systems. The report also warns that old IT equipment, failure to apply software patches for known vulnerabilities, potential weaknesses in supply chains and other factors are leaving these satellite control systems at risk.

August 13, 2019
Danny Palmer / ZDNet

Flaws in Digital Cameras’ Standard Protocol Could Expose Devices to Ransomware Infections

Vulnerabilities in the Picture Transfer Protocol (PTP), the standard protocol digital cameras use to transfer image files, can be exploited to spread ransomware to the devices, researchers at Check Point say. The vulnerabilities include buffer overflows that allow code execution, which could let an attacker take over a camera remotely over Wi-Fi by pushing a malicious, silent firmware update. That same update mechanism could be used to deploy ransomware, since the camera’s firmware-update code and the ransomware rely on the same cryptographic routines.
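A PTP container starts with a 12-byte header whose first field is a 32-bit length supplied by the remote side, so a parser that trusts it is one missing check away from an overflow. The Python below is an added illustration, not Check Point's research code, and does not reproduce the specific camera bugs: it parses the PIMA 15740 container header, rejects a declared length below the header size, above the receive buffer (an assumed 64 KiB for this demo), or beyond what was actually received, and shows what a C parser's unsigned `length - sizeof(header)` turns into when that first check is absent.

```python
"""PTP (PIMA 15740) container header parser with the length checks a
firmware-side parser must make.  Added illustration; not Check Point's code
and not a reproduction of the specific camera vulnerabilities."""
import struct

HEADER = struct.Struct("<IHHI")   # Length, Type, Code, TransactionID, little-endian
HEADER_LEN = HEADER.size          # 12 bytes
MAX_CONTAINER = 64 * 1024         # assumed receive-buffer size for this demo
CONTAINER_TYPES = {1: "command", 2: "data", 3: "response", 4: "event"}


class PtpParseError(ValueError):
    pass


def c_style_payload_len(length):
    """What a C parser computes for `length - sizeof(header)` in uint32_t
    arithmetic: a declared length below 12 wraps to a huge value, which is
    how a missing lower-bound check becomes an out-of-bounds copy."""
    return (length - HEADER_LEN) & 0xFFFFFFFF


def parse_container(buf, max_size=MAX_CONTAINER):
    """Parse one container from `buf`, validating the attacker-controlled
    length against the header size, the receive buffer and the bytes present."""
    if len(buf) < HEADER_LEN:
        raise PtpParseError("short read: %d bytes, header needs %d" % (len(buf), HEADER_LEN))
    length, ctype, code, tid = HEADER.unpack_from(buf)
    if length < HEADER_LEN:
        raise PtpParseError("declared length %d smaller than header" % length)
    if length > max_size:
        raise PtpParseError("declared length %d exceeds receive buffer %d" % (length, max_size))
    if length > len(buf):
        raise PtpParseError("declared length %d but only %d bytes received" % (length, len(buf)))
    if ctype not in CONTAINER_TYPES:
        raise PtpParseError("unknown container type %d" % ctype)
    return {"type": CONTAINER_TYPES[ctype], "code": code, "tid": tid,
            "payload": bytes(buf[HEADER_LEN:length])}


def build_container(ctype, code, tid, payload=b"", declared_length=None):
    """Construct a container.  `declared_length` overrides the true length so
    inconsistent headers can be crafted, as a peer on USB or Wi-Fi can."""
    length = HEADER_LEN + len(payload) if declared_length is None else declared_length
    return HEADER.pack(length, ctype, code, tid) + payload


def rejects(buf):
    """True if parse_container refuses the buffer."""
    try:
        parse_container(buf)
    except PtpParseError:
        return True
    return False


if __name__ == "__main__":
    # GetDeviceInfo (opcode 0x1001) command with one 32-bit parameter.
    good = build_container(1, 0x1001, 7, b"\x01\x00\x00\x00")
    print(parse_container(good))
    # Declared length 8: the checked parser refuses it, the C arithmetic would not.
    print("C-style payload length for declared 8:", hex(c_style_payload_len(8)))
    print("rejected:", rejects(build_container(1, 0x1001, 7, declared_length=8)))
```

The order of the checks matters: the lower bound comes first because every later computation subtracts the header size, and the comparison against the receive buffer comes before the comparison against bytes received so that a streaming implementation never allocates or waits for a length the buffer cannot hold.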

Related: ibtimes.sg : Top News, TechNadu, NewsBytes App, HotHardware.com, The Loop, GBHackers On Security, SecurityWeek, The Next Web, Check Point


December 13, 2019
Danny Palmer / ZDNet

Phishing Campaign From Unknown Attackers Targets Government Departments in Multiple Countries Seeking Login Credentials, Energy, Commerce and Veteran Affairs Departments Targeted in U.S.

A mysterious new phishing campaign is targeting government departments and related business services around the world in attacks that aim to steal victims’ login credentials, according to researchers at Anomali. The attacks have targeted at least 22 different potential victim organizations in countries including the United States, Canada, China, Australia, Sweden, and more. The researchers say it is unclear who is behind the attacks or what their motivation is, but the phishing domains are hosted in Turkey and Romania. Most of the attacks focus on government departments, but a small percentage also target procurement and logistics firms that deal with those departments. In the U.S., the Department of Energy, the Department of Commerce, and the Department of Veterans Affairs are the most frequent targets.

July 4, 2019
Sergiu Gatlan / Bleeping Computer

Researchers Attribute a Slew of Malicious Malware Campaigns to TA505 Hacking Group, Downloaders and Backdoors Distributed All Over the World

Several malware campaigns are being run by the TA505 group, which was behind the Dridex banking trojan and Locky ransomware, with the Gelup downloader and the FlowerPippi backdoor being used against targets in the Middle East, Japan, India, the Philippines, and Argentina, according to researchers at Trend Micro. Researchers at Proofpoint also attribute to TA505 two spam campaigns distributing a malware downloader dubbed AndroMut, aimed at recipients in the U.S., Singapore, the UAE, and South Korea. In addition, Microsoft Security Intelligence issued an alert about two weeks ago about an active spam campaign, likewise attributed to TA505, that tries to infect Korean targets with the FlawedAmmyy RAT via malicious XLS attachments.

Related: Cyberscoop, Dark Reading: Attacks/Breaches, Proofpoint, TechNadu, CyberSecurity Help s.r.o, SC Magazine, Trend Micro, IT Wire, Appuals.com, ZDNet

Tweets:@dannyjpalmer