Neowin: DoubleAgent attack may be able to take full control of your Antivirus. “A new Zero-day attack has emerged that may endanger your antivirus (irony, much?). The new attack, termed DoubleAgent, has the ability to control your antivirus using a Microsoft technology called Application Verifier, and a 15-year old Windows XP era vulnerability.”
Arkansas Online: Virus found in database of job seekers, state says. “Investigators are trying to determine whether personal information — including Social Security numbers — for an estimated 19,000 Arkansas job seekers was stolen after a virus was detected in a statewide database, a government spokesman said.”
Naked Security: Researchers find 38 Android devices shipping with pre-installed malware. “SophosLabs cited a rising tide of Android-based attacks in its 2017 Malware Forecast last month, and the problem was further illustrated last week in a report that Windows-based malware was making its way into Android apps during development. And now researchers have discovered another security issue: devices shipping with pre-installed malware.”
The Intercept: Malware Attacks Used by the U.S. Government Retain Potency for Many Years, New Evidence Indicates. “The government has long insisted that it discloses more than 90 percent of the vulnerabilities it finds or purchases, and that those it doesn’t disclose initially get reviewed on a regular basis to re-evaluate if they should be disclosed. The problem with this is that the public doesn’t know how long the government is exploiting these security holes before they’re shared publicly — and therefore how long ordinary citizens are left exposed to Russian or Chinese nation-state hackers or cybercriminals who may discover the same vulnerabilities and exploit them.”
Krebs on Security: Ransomware for Dummies: Anyone Can Do It. “Among today’s fastest-growing cybercrime epidemics is “ransomware,” malicious software that encrypts your computer files, photos, music and documents and then demands payment in Bitcoin to recover access to the files. A big reason for the steep increase in ransomware attacks in recent years comes from the proliferation of point-and-click tools sold in the cybercrime underground that make it stupid simple for anyone to begin extorting others for money.”
TechRadar: The best free anti-ransomware tools 2017. “Many of the big names in PC security provide tools that will release your PC from ransomware, and don’t charge for the privilege. There are also dedicated tools to prevent programs that behave like known ransomware from running on your PC at all. This is our pick of the best free tools to unlock an infected PC, release encrypted files, or prevent a ransomware infection in the first place.” Some of the software listed is available directly from TechRadar, which I don’t like; if I’m going to download software like this I want to get it straight from the source. If you go to the software page on TechRadar, though, you’ll see a link to the developer’s site on the right.
Bleeping Computer: Database Ransom Attacks Have Now Hit MySQL Servers. “After the ransacking of MongoDB, ElasticSearch, Hadoop, CouchDB, and Cassandra servers, attackers are now hijacking hundreds of MySQL databases, deleting their content, and leaving a ransom note behind asking for a 0.2 Bitcoin ($235) payment. According to breach detection firm GuardiCore, the attacks are happening via brute-force attacks on Internet-exposed MySQL servers, and there’s plenty of those laying around since MySQL is one of today’s most popular database systems.”