
XSSer


Organized Criminals Targeting Individual iPhone, Android Users. A well-organized criminal group is targeting both iOS and Android users with highly targeted man-in-the-middle attacks, according to a new threat advisory from Akamai Technologies, Inc.


"They have a lot of resources," said Rod Soto, principal security researcher in the company's business security unit. For example, they were able to target a group of individuals congregating in an Asian country based on their communications, and then used man-in-the-middle and social engineering to trick users into installing the Xsser mobile remote access Trojan on their mobile devices. The activity was first spotted in September. Soto said he wasn't allowed to reveal any more information about that particular attack, but did say that the criminal group involved was highly sophisticated. "This requires a lot of coordination and skills," he said. Cell phone signals may have been intercepted as well. "If you want to download a game, they will give you an infected version of the game," he said.

Lacoon Discovers Xsser mRAT, the First Advanced iOS Trojan.

XSSer: automatic tool for pentesting XSS attacks against different applications.

Man-in-the-middle attack. In cryptography and computer security, a man-in-the-middle attack (often abbreviated to MITM, MitM, MIM, MiM or MITMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.


One example is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones.

Social engineering (security)

List of cognitive biases. Cognitive biases are systematic patterns of deviation from norm and/or rationality in judgment. They are often studied in psychology and behavioral economics.[1]

[Figure: The loss aversion cognitive bias has been shown in monkeys.]

Cognitive bias mitigation. Cognitive bias mitigation is the prevention and reduction of the negative effects of cognitive biases – unconscious, automatic influences on human judgment and decision making that reliably produce reasoning errors.


There is no coherent, comprehensive theory or practice of cognitive bias mitigation. This article describes tools, methods, proposals and other initiatives, in academic and professional disciplines concerned with the efficacy of human reasoning, associated with the concept of cognitive bias mitigation; most address mitigation tacitly rather than explicitly. A long-standing debate regarding human decision making bears on the development of a theory and practice of bias mitigation.

This debate contrasts the rational economic agent standard for decision making versus one grounded in human social needs and motivations.

Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.[1] Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency.


The term badware is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software.[2] In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. states.[6][7] Spyware or other malware is sometimes found embedded in programs supplied officially by companies, e.g., downloadable from websites, that appear useful or attractive, but may have, for example, additional hidden tracking functionality that gathers marketing statistics.

[Figure: Malware by categories on 16 March 2011.]

Trojan horse (computing). More likely to be unintended or merely malicious, rather than criminal, consequences: Trojan horses in this way may require interaction with a malicious controller (not necessarily distributing the Trojan horse) to fulfill their purpose.


It is possible for those involved with Trojans to scan computers on a network to locate any with a Trojan horse installed, which the hacker can then control.[8] Some Trojans take advantage of a security flaw in older versions of Internet Explorer and Google Chrome to use the host computer as an anonymizer proxy to effectively hide Internet usage,[9] enabling the controller to use the Internet for illegal purposes while all potentially incriminating evidence indicates the infected computer or its IP address. The host's computer may or may not show the internet history of the sites viewed using the computer as a proxy.

Ventir Trojan Intercepts Keystrokes from Mac OS X Computers. Intego has seen an eyebrow-raising upward trend in the number of malicious files discovered targeting Mac OS X in the past few years, and it has many security experts concerned.


Virus hunters have unveiled yet another modular malware for Mac OS X, called the Ventir Trojan. Ventir uses a dropper program (e.g. Trojan horse) that can leave a backdoor, a keylogger and other malicious files behind on an infected Mac. These can be used for spying and stealing information from the victim’s Mac. We currently do not know how the malware is distributed.