malware   13271

« earlier     later »

Tutoriel Farbar Recovery Scan Tool (FRST) : Analyse et désinfection de virus
Tutoriel Farbar Recovery Scan Tool (FRST) pour analyse et désinfection de virus ou faire un état des programmes en cours de fonctionnement
frst  otl  Windows  analysis  trojan  adware  malware 
4 weeks ago by vonc
A Deceitful 'Doctor' in the Mac App Store
A Deceitful 'Doctor' in the Mac App Store
china  security  malware  mas 
4 weeks ago by rryan
Clientside Exploitation - Tricks of the Trade 0x01 - Sharpshooter + SquibblyTwo - Malware - 0x00sec - The Home of the Hacker
Today I am going to show you how to:

Create a payload that isn’t detected by Windows Defender, even with real-time protection, advanced threat protection, and AMSI
Do all of this without Cobalt Strike, and instead with Sharpshooter + Metasploit/Msfvenom*
malware  sharpshooter  payload  pentest 
5 weeks ago by whip_lash
Ugly Email.
Gmail extension for blocking read receipts and other email tracking pixels
email  security  malware 
5 weeks ago by hayzer
A Honeypot Guide: Why Researchers Use Honeypots for Malware Analysis | The Mac Security Blog
You may have heard the term "honeypot" thrown about in the security community from time to time. While it may spark your imagination, you may be wondering what is a honeypot and what role does it play in the security industry? Certainly malware hunters aren't referring to Winnie the Pooh helping himself to jars and jars of honey, right? So, what exactly do security researchers mean what talking about honeypots?
A honeypot, in the Internet security world, is a real or simulated system designed to attract attacks on itself. Essentially they are virtual or physical machines that are open to the real world whilst flaunting their intended vulnerabilities. Honeypots became popular amidst the wide spreading of worms in the late 1990s and early 2000s. The main purposes of these traps were to capture and analyze attacks in order to improve defenses from malicious intrusions.
Below is a simple, yet practical guide that covers the basic types of honeypots, as well as how and why they help researchers analyze malware. Without further do, let's get to it!
security  privacy  malware  research 
6 weeks ago by rgl7194
Apple Removes Top Security App For Stealing Data and Sending it to China
Apple removed today a very popular anti-malware app called Adware Doctor from the Mac App Store because it was gathering browsing history and other sensitive information without a user's permission and then uploading it to someone in China.
Adware Doctor is promoted as an anti-malware and adware protection program that claims to be able to protect your Mac from malicious files and browser from adware. This program was the #1 paid utility in the Mac App Store with a 4.8 star rating and over 7,000 reviews.
mac  apps  store  security  privacy  malware  cookies  plugins  browser  china  history 
6 weeks ago by rgl7194
Daring Fireball: The Curious Case of Adware Doctor and the Mac App Store
What a bizarre story this is. Adware Doctor was a $4.99 app in the Mac App Store from a developer supposedly named Yongming Zhang. The app purported to protect your browser from adware by removing browser extensions, cookies, and caches. It was a surprisingly popular app, ranking first in the Utilities category and fourth overall among paid apps, alongside stalwarts like Logic Pro X and Final Cut Pro X.
Turns out, among other things, Adware Doctor was collecting your web browser history from Chrome, Firefox, and Safari, and uploading them to a server in China. Whatever the intention of this was, it’s a privacy debacle, obviously. This behavior was first discovered by someone who goes by the Twitter handle Privacy 1st, and reported to Apple on August 12. Early today, security researcher Patrick Wardle published a detailed technical analysis of the app. Wired, TechCrunch, and other publications jumped on the story, and by 9 am PT, Apple had pulled the app from the App Store.
mac  apps  store  security  privacy  malware  cookies  plugins  browser  china  history  daring_fireball 
6 weeks ago by rgl7194
Objective-See's Blog: A Deceitful 'Doctor' in the Mac App Store
a massively popular app, surreptitiously steals your browsing history
Updates:
  ■  The application, "Adware Doctor" has now been removed from the Mac App Store!
  ■  I've uploaded the app's binary if you want to play along (download: Adware Doctor.zip)
  ■  In Mojave, the sandbox will (always) protect private content, such as Safari's history.
  ■  While process enumeration is disallowed in the iOS sandbox, and yes, /bin/ps is blocked on in the macOS sandbox as as well, Apple has noted that sandboxed apps may still enumerate running processes (though this will likely change in the future).
Background
You probably trust applications in the Official Mac App Store. And why wouldn't you?
Apple states:
"The safest place to download apps for your Mac is the Mac App Store. Apple reviews each app before it’s accepted by the store, and if there’s ever a problem with an app, Apple can quickly remove it from the store."
However, it's questionable whether these statements actually hold true, as one of the top grossing applications in the Mac App Store surreptitiously exfiltrates highly sensitive user information to a (Chinese?) developer. Though Apple was contacted a month ago, and promised to investigate, the application remains available in Mac App Store even today.
Note:
The nefarious logic of the app was originally uncovered by @privacyis1st. So major kudos to him!
After he reached out, we collaboratively investigated this issue together. #TeamWork
mac  apps  store  security  privacy  malware  cookies  plugins  browser  china  history 
6 weeks ago by rgl7194
Security Researcher Accidentally Stumbles on a Way for Malware to Click "OK" For you - SecureMac
One of the simplest ways to stay safe and secure on your Mac is to pay close attention to the warnings and prompts that the system often pops up when you’re in the middle of things. Many times, you might even expect these prompts to appear. It’s just macOS’s way of saying, “Hey, are you sure about that?” when something involves sensitive files or has extensive permissions. When you aren’t expecting them, they’re even more important: as your first line of defense, they can be a big red flag that a file or program on your Mac is trying to do something it shouldn’t. That can help you avoid installing malware, or to know you have an infection already.
As it turns out, though, there is a flaw underlying the way these prompts currently work. If malware were to infect your Mac successfully, it could use this flaw to automatically click to dismiss these security prompts before you ever have a chance to see them. At first glance, this flaw might not seem new; Apple patched a bug in macOS late last year that allowed these “synthetic clicks” to occur and bypass notifications. However, noted Apple security researcher Patrick Wardle, presenting at the recent DEFCON gathering in Las Vegas, recently revealed he had found a way around this patch — and he did it by accident, too.
0day  10.13  bug  mac  macOS  privacy  security  malware 
6 weeks ago by rgl7194
ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability
Your Mac computer running the Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday.
Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system that could allow a malicious application installed in the targeted system to virtually "click" objects without any user interaction or consent.
To know, how dangerous it can go, Wardle explains: "Via a single click, countless security mechanisms may be completely bypassed. Run untrusted app? Click...allowed. Authorize keychain access? Click...allowed. Load 3rd-party kernel extension? Click...allowed. Authorize outgoing network connection? click ...allowed."
0day  10.13  bug  mac  macOS  privacy  security  malware 
6 weeks ago by rgl7194
A top-tier app in Apple’s Mac App Store stole your browser history • TechCrunch
Zack Whittaker:
<p>Thanks in part to a <a href="https://www.youtube.com/watch?v=nZ7CVIy5Tq8&feature=youtu.be">video posted last month</a> on YouTube and with help from security firm Malwarebytes, it’s now clear what the app [Adware Doctor] is up to.

Security researcher Patrick Wardle, a former NSA hacker and now chief research officer at cybersecurity startup Digita Security, dug in and shared his findings with TechCrunch.

Wardle found that the downloaded app jumped through hoops to bypass Apple’s Mac sandboxing features, which prevents apps from grabbing data on the hard drive, and upload a user’s browser history on Chrome, Firefox and Safari browsers.

Wardle found that the app, thanks to Apple’s own flawed vetting, could request access to the user’s home directory and its files. That isn’t out of the ordinary, Wardle says, because tools that market themselves as anti-malware or anti-adware expect access to the user’s files to scan for problems. When a user allows that access, the app can detect and clean adware — but if found to be malicious, it can “collect and exfiltrate any user file,” said Wardle.

Once the data is collected, it’s zipped into an archive file and sent to a domain based in China.

Wardle said that for some reason in the last few days the China-based domain went offline. At the time of writing, TechCrunch confirmed that the domain wouldn’t resolve — in other words, it was still down.

“Let’s face it, your browsing history provides a glimpse into almost every aspect of your life,” said Wardle’s post. “And people have even been convicted based largely on their internet searches!”

He said that the app’s access to such data “is clearly based on deceiving the user.”</p>


I'd suggest that anything which claims to be helping you with adware is going to be a scam, unless it comes from a recognised cybersecurity company. The solution to adware is not running vulnerable products such as Flash and Java, and to be wary about what you download. At least Apple makes it hard to run apps from outside the Mac App Store.

This won't, of course, help anyone's trust in Huawei, ZTE and other Chinese companies with their own high-profile problems.
apple  malware  adware 
6 weeks ago by charlesarthur
Objective-See: free mac security tools
As Macs become more prevalent, so does OS X malware. Unfortunately, current Mac security and anti-virus software is fairly trivial to generically bypass.

Objective-See was created to provide simple, yet effective OS X security tools. Always free of charge - no strings attached!
security  tools  mac  macosx  malware 
6 weeks ago by cyberchucktx

« earlier    later »

related tags

#tw  &  "death"  0day  10.13  2018  339  512-bit  7  a  aboriginal  adblock  ads  adware  ai/ml  ai  allen  amsi  analysis  analytics  android  antivirus  api  apple  application  apps  apt  aptgroups  artificial  asia  at  attack  attribution  author  av  avtech  awareness  awesome  biohacking  bitcoin  blocks  blog  booz  botnet  browser  bug  building  by  calls  can  casestudy  ccleaner  certfa  certutil  chainshot  cheatsheet  china  chrome  citizenlab  civilsociety  clamav  coins  comp3911  computer  cookies  cracking  crime  crypto  cryptocurrency  cso  cyb451  cyber  cybercampaigns  cyberreason  cybersecurity  daring_fireball  databases  datensicherheit  defender  defense  delayed  deletes  deploys  detail  detection  development  dfir  dna  docker  e12  e13  e2018  eaugust  edv  email  encryption  engineering  eseptember  event  eventlog  excel  exchange  exploit  extension  facial_recognition  family  firefox  first  flaw  floss  for  forensics  forwarding  found  free  freeware  frst  games  genome  gfw  group  guide  hack  hacking  hamilton  hijacking  history  howto  humor  ibm  in  information  infosec  intelligence  interface  ios  iot  iran  its  key  korean  lazarus  learning  lgv20  linux  lists  lmd  logging  look  mac  macos  macosx  magento  magentocore  maloven  malwarebytes  marap  mas  mena  microsoft  miner  mines  mirai  multiple  must-have  necurs  new  news  north  notpetya  old  on  online  opensource  oscp  osx  otf  otl  p2p  payload  pc  pentest  persistence  pfic2018  phishing  phone  pictures  platforms  plugins  point-of-sale  policy  privacy  programming  protocol  proxy  pushing  python  ransomware  re  record  reference  reportagen  research  researchers  reverse  reverseengineering  review  rootkits  router  rsa  rtpos  russia  rust  safety  scams  scan  scanner  scanning  scrm  security  sequencing  sharpshooter  siem  site  soc  software  sold  spam  spyware  steal  steam  store  stores  stories  supplychain  sysadmin  target  technology  testing  the  threatactors  threathunting  threatintel  tibet  to  tool  tools  trackers  tracking  tree  triout  trojan  trolling  tutorial  ueba  usb  uses  using  viren  virus  vm  vpnfilter  warning  web  webapps  windows  wordpress  xbash  yara 

Copy this bookmark:



description:


tags: