By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Microsoft and Cisco Talos identified a new malware which has affected thousands of computers in the US as well as in Europe. The companies stated that this malware has an ability to turn the PCs into proxies for performing malicious activity. This malware was named by Microsoft as Nodersok while the Cisco Talos called it Divergent. This threat has many of its own components to carry out malicious activities but it also takes advantage of existing tools. It should be mentioned that this malware leverages widely used Node.js framework and WinDivert, which is a user-mode packet capture-and-divert package for Windows 2008, Windows 7, Windows 8, Windows 10 and Windows 2016 to turn infected machines into proxies for malicious behavior. Microsoft and Cisco Talos both the companies released the threat report on this malware on Wednesday, September 25 in separate blog posts. As per the Microsoft researchers once Nodersok turns the systems into unwitting proxies "it uses them as "a relay to access other network entities (websites, C&C servers, compromised machines, etc.), which can allow them to perform stealthy malicious activities." While both the companies had a different opinion as to exactly what it does, Cisco Talos researchers said that "This malware can be leveraged by an attacker to target corporate networks and appears to be primarily designed to conduct click-fraud. It also features several characteristics that have been observed in other click-fraud malware, such as Kovter." The company believes that this malware is still to be in active development. Follow this thread to OUR FORUM to learn more.

Data-center companies face two pressing questions. First, how do they increase the density of computing power that high-performance systems need to support AI and machine learning? Second, how do data centers slash their carbon footprint in an environmentally aware market? Spanish company Submer believes it can help answer them both. With 40 clients in Europe and the US, Submer says it can cut the energy consumption of traditional air cooling and increase the viable density of high-performance computing by a factor of 10. Liquid submersion is common in the electric power-distribution infrastructure in components such as transformers, but it is rarely used for cooling IT hardware. In principle, submerging computer components is more efficient because liquids absorb more heat and take longer to heat up than air. The approach can also allow the overall system to run at higher temperatures because liquids help prevent hotspots that damage components. Obviously, it is important that liquid coolants do not conduct electricity. Although cold-plate liquid cooling is sometimes used in a closed system to cool the system chassis, immersing the whole system in liquid is almost unknown in computing. Submer was founded by Daniel Pope, a tech entrepreneur also behind Webhosting company Datahouse Internet, which he sold to Telefonica Group in 2010. He says one of the challenges to gaining acceptance in data centers was to build an immersive cooling system that could be easily managed in that environment. "The products that were out there had a very industrial approach and they really didn't look like something you'd place next to your racks. We designed a machine that is operated in a way that a data-center manager feels comfortable with." The other problem for industrial cooling liquids is compatibility with computing components – they can damage some of the plastic commons in server components. Founded in 2015, Submer has developed a dialectic fluid formula that Pope says can be manufactured anywhere in the world. Learn more from OUR FORUM.

The National Cyber Security Centre Finland (NCSC-FI) which acts as Finland's National Communications Security Authority published today a detailed guide on how to secure Microsoft Office 365 against data breaches and credential phishing. NCSC-FI's guide is focused on mitigating Microsoft Office 365 phishing which can lead to stolen credentials and to financial losses in the event of a successful Business Email Compromise (BEC) scam fraud that would use the stolen information. To put the seriousness of BEC attacks into perspective, FBI's Internet Crime Complaint Center (IC3) received victim complaints regarding 166,349 domestic and international incidents between June 2016 and July 2019, with a total exposed dollar loss of more than $26 billion according to a PSA issued on September 10. The same day, the U.S. Department of Justice (DoJ) said in a press release that 281 individuals were arrested over a four-month period in the U.S. and around the world as part of Operation reWired, a worldwide coordinated effort to disrupt BEC schemes. The first step to secure Office 365 against phishing and security breaches is to secure identities by customizing login pages to match the organization’s look, using hard to crack passwords, securing the local Active Directory, enabling modern authentication, blocking legacy email protocols without two-factor authentication (2FA) support, enabling 2FA, using conditional access, and carefully manage administrator roles. Next in line is securing Office 365 email accounts by securing email routing by rejecting emails that aren't sent over TLS and aren't sent by parties authenticated using certificates. Also, users should be secured against junk, malware, phishing emails, and zero-day attacks with the help of Office 365 Advanced Threat Protection (Office 365 ATP) via the ATP Safe Attachments, ATP Safe Links, and ATP Antiphishing features. To learn more and get the full guide to navigate to OUR FORUM.

Google Alerts is s useful service that allows you to receive emails or an updated RSS feed when new pages appear in the Google search index that is related to specified keywords you are following. Unfortunately, whenever there is a good thing, people try to take advantage of them to push users towards scams and malware. For those not familiar with this service, Google Alerts allows you to submit keywords that you wish to monitor. When new pages are found that match these keywords, depending on how you create the alert, Google will either send you an email or update an RSS feed. I have been using Google Alerts for many years in order to track various malware and security topics. Over the past year, if not longer, I have noticed a trend where bad actors are injecting malicious sites into the Google search index in order to have them also appear in Google Alerts being sent to users. When a user clicks on one of these alerts, they will then be sent to a page that then redirects them through a series of other pages until they finally land at a fake giveaway page, tech support scam, unwanted extension, or malware installers. To get malicious links into Google Alerts, bad actors will create spam pages with popular keywords and get them into the Google search index. For example, as we publish a lot of ransomware news, I have a Google Alert set up for Ransomware. Knowing that users are desperate for decryptors, the bad actors create fake spam pages containing blobs of text containing keywords related to a particular decryptor that may be affecting a lot of users at the time. When the bad actors create these pages and get them into the Google index, an alert will be generated for anyone who wants to be notified about ransomware, decryptors, or the STOP ransomware. When a user clicks on a link through a Google Alert or via the Google search engine, instead of showing the web page shown earlier in the article, they will be redirected to a malicious site like the tech support scam shown below. Follow this by visiting OUR FORUM.

Windows 7 is certainly rather long in the tooth now, but it is still very widely used. As such, despite the general end of support coming in January, Microsoft has committed to keeping Windows 7-based voted machine secure. The company says that it will "provide free security updates for federally certified voting systems running Windows 7 through the 2020 elections, even after Microsoft ends Windows 7 support". Given the problematic nature of recent Windows 10 updates, this may come as little comfort as the Trump 2020 campaign continues. Microsoft points out that it has supported Windows 7 for a decade: "When we released Windows 7, we committed to supporting it for 10 years, and we've honored that commitment. We've also reminded customers about this along the way including, most recently, in January and again in March. This process is similar to how we've ended support for other operating systems in the past, and the majority of our customers have already made the move to Windows 10". "As we head into the 2020 elections, we know there is a relatively small but still significant number of certified voting machines in operation running on Windows 7. We also know that transitioning to machines running newer operating systems in time for the 2020 election may not be possible for a number of reasons, including the lengthy voting machine certification process --tr a process we are working with government officials to update and make more agile. Since we announced our Defending Democracy Program, we've focused on bringing the best of Microsoft's security products and expertise to political campaigns, parties, the election community, and democracy-focused nongovernmental organizations". For more refer to OUR FORUM.

Have you ever heard of the STOP Ransomware? Probably not, as few write about it, most researchers don't cover it, and for the most part, it targets consumers through cracked software, adware bundles, and shady sites. Ryuk, GandCrab, and Sodinkibi get huge and deserved media attention because they generate giant ransom payments, can halt business and local governments, and affect enterprise customers, which are the bread and butter for AV companies. Yet, based on Michael Gillespie's ID Ransomware submissions and support requests at BleepingComputer, for the past year, it has been the most actively distributed ransomware in the wild. To give you some perspective, the ransomware identification service ID Ransomware gets approximately 2,500 ransomware submissions a day. Of those, between 60-70 % are STOP ransomware submissions. This amount of submissions beats out any other ransomware that users are submitting to the service when trying to get help. STOP is getting so big that the image above looks like Pacman eating all of the other ransomware! In order to distribute STOP, the ransomware developers have teamed up with shady sites and adware bundles. These sites promote fake software cracks or free programs, which are really adware bundles that install a variety of unwanted software and malware onto a user's computer. One of the programs installed via these bundles is the STOP Ransomware. Some of the reported cracks that are have been seen installing STOP include KMSPico, Cubase, Photoshop, and antivirus software. It is not only cracked, though, as many of these shady sites offer downloads of free software, but are simply just adware bundles that install the ransomware. Even worse, some of these variants also bundle the Azorult password-stealing Trojan with the ransomware for a double-attack on the victim. Otherwise, there is nothing particularly special about the STOP Ransomware.  It encrypts just like any other ransomware, appends an extension, and drops a ransom note. What makes it so much of a pain is the sheer amount of variants that keep being released. In fact, right now, there are more than 159 variants that we know about. Visit OUR FORUM to learn more most active and destructive ransomware.

 

Translate