
Gotham Security Daily Threat Alerts 

by on August 5, 2014

August 1, Securityweek – (International) USB device firmware can be reprogrammed to hide sophisticated malware. Researchers from SRLabs reported developing a new piece of malware that can reprogram USB controller chips to spoof other devices, allowing an attacker to take control of a computer, steal data, and perform other actions. The researchers plan to demonstrate the “BadUSB” malware at the upcoming Black Hat security conference. Source: http://www.securityweek.com/usb-device-firmware-can-be-reprogrammed-hide-sophisticated-malware

August 1, Softpedia – (International) Hackers steal video game source code. Dell SecureWorks’ Counter Threat Unit identified a group of attackers labeled Threat Group-3279 that has been observed targeting video game and entertainment companies to steal source code and create cracks or cheat codes for games. The group is believed to be associated with the China Cracking Group and leverages a variety of tools and pieces of malware, including ones created by the group. Source: http://news.softpedia.com/news/Hackers-Steal-Video-Game-Source-Code-453108.shtml

August 1, Securityweek – (International) “Pitty Tiger” threat actors possibly active since 2008: FireEye. Researchers at FireEye analyzed the “Pitty Tiger” advanced persistent threat group first identified by Airbus Defense & Space and found that the group may have been active since 2008. The Pitty Tiger campaign targeted a variety of sectors including the defense and telecoms industries, and is believed to be operating from China. Source: http://www.securityweek.com/pitty-tiger-threat-actors-possibly-active-2008-fireeye

August 1, Securityweek – (International) New ransomware uses GnuPG to encrypt files. Researchers at Symantec and Trend Micro analyzed a new piece of ransomware dubbed Trojan.Ransomcrypt.L or BAT_CRYPTOR.A that uses GNU Privacy Guard to encrypt files for ransom and can be easily updated by its controllers. Trend Micro also identified another new piece of ransomware dubbed Cryptoblocker which does not use RSA keys and appears to have been written by inexperienced writers. Source: http://www.securityweek.com/new-ransomware-uses-gnupg-encrypt-files

August 1, Softpedia – (International) Fiesta Exploit Kit delivers double payload. A Malwarebytes researcher reported that attackers have modified the way the Fiesta Exploit Kit delivers its malicious payload: it now delivers two malicious files at once, in an attempt to have at least one file avoid antivirus detection. Source: http://news.softpedia.com/news/Fiesta-Exploit-Kit-Delivers-Double-Payload-453143.shtml

August 1, Softpedia – (International) New point-of-sale malware “Backoff” scrapes RAM for card data. The U.S. Computer Emergency Response Team (US CERT) published an advisory warning of a new family of malware known as “Backoff” that can compromise point-of-sale (PoS) systems by compromising remote desktop applications and then performing memory scraping to obtain payment card track data. The malware currently has very low rates of detection in most antivirus engines and has various other capabilities, including keystroke logging and injecting a malicious stub into explorer.exe to increase persistence. Source: http://news.softpedia.com/news/New-Point-of-Sale-Malware-Backoff-Scrapes-RAM-For-Card-Data-453051.shtml

 
