background preloader

XSSer

Facebook Twitter

Organized Criminals Targeting Individual iPhone, Android Users. A well organized criminal group is targeting both iOS and Android users with highly targeted man-in-the-middle attacks, according to a new threat advisory from Akamai Technologies, Inc.

Organized Criminals Targeting Individual iPhone, Android Users

"They have a lot of resources," said Rod Soto, principal security researcher in the company's business security unit. For example, they were able to target a group of individuals congregating in an Asian country based on their communications, and then used man-in-the-middle and social engineering to trick users into installing the Xsser mobile remote access Trojan on their mobile devices. The activity was first spotted in September. Lacoon Discovers Xsser mRAT, the First Advanced iOS Trojan. Xsser. XSSer: automatic tool for pentesting XSS attacks against different applications. Man-in-the-middle. Man-in-the-middle attack. In cryptography and computer security, a man-in-the-middle attack (often abbreviated to MITM, MitM, MIM, MiM or MITMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

Man-in-the-middle attack

One example is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. Social engineering. Social engineering (security) List of cognitive biases. Illustration by John Manoogian III (jm3).[1] Cognitive biases can be organized into four categories: biases that arise from too much information, not enough meaning, the need to act quickly, and the limits of memory. Cognitive biases are tendencies to think in certain ways that can lead to systematic deviations from a standard of rationality or good judgment, and are often studied in psychology and behavioral economics.

There are also controversies over some of these biases as to whether they count as useless or irrational, or whether they result in useful attitudes or behavior. For example, when getting to know others, people tend to ask leading questions which seem biased towards confirming their assumptions about the person. However, this kind of confirmation bias has also been argued to be an example of social skill: a way to establish a connection with the other person.[8] Cognitive bias mitigation. Cognitive bias mitigation is the prevention and reduction of the negative effects of cognitive biases – unconscious, automatic influences on human judgment and decision making that reliably produce reasoning errors.

Cognitive bias mitigation

There is no coherent, comprehensive theory or practice of cognitive bias mitigation. This article describes tools, methods, proposals and other initiatives, in academic and professional disciplines concerned with the efficacy of human reasoning, associated with the concept of cognitive bias mitigation; most address mitigation tacitly rather than explicitly. A long-standing debate regarding human decision making bears on the development of a theory and practice of bias mitigation.

This debate contrasts the rational economic agent standard for decision making versus one grounded in human social needs and motivations. Context[edit] Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.[1] Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency.

Malware

The term badware is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software.[2] In law, malware is sometimes known as a computer contaminant, as in the legal codes of several U.S. states.[6][7] Spyware or other malware is sometimes found embedded in programs supplied officially by companies, e.g., downloadable from websites, that appear useful or attractive, but may have, for example, additional hidden tracking functionality that gathers marketing statistics. Purposes[edit] Malware by categories on 16 March 2011. Proliferation[edit] Infectious malware: viruses and worms[edit] Viruses[edit] Trojan horse (computing) More likely to be unintended or merely malicious, rather than criminal, consequences: Trojan horses in this way may require interaction with a malicious controller (not necessarily distributing the Trojan horse) to fulfill their purpose.

Trojan horse (computing)

It is possible for those involved with Trojans to scan computers on a network to locate any with a Trojan horse installed, which the hacker can then control.[8] Some Trojans take advantage of a security flaw in older versions of Internet Explorer and Google Chrome to use the host computer as an anonymizer proxy to effectively hide Internet usage,[9] enabling the controller to use the Internet for illegal purposes while all potentially incriminating evidence indicates the infected computer or its IP address.

The host's computer may or may not show the internet history of the sites viewed using the computer as a proxy. The first generation of anonymizer Trojan horses tended to leave their tracks in the page view histories of the host computer. Ventir Trojan Intercepts Keystrokes from Mac OS X Computers. Malware + Security News Intego has seen an eyebrow-raising upward trend in the number of malicious files discovered targeting Mac OS X in the past few years, and it has many security experts concerned.

Ventir Trojan Intercepts Keystrokes from Mac OS X Computers

Virus hunters have unveiled yet another modular malware for Mac OS X, called the Ventir Trojan. Ventir uses a dropper program (e.g. Trojan horse) that can leave a backdoor, a keylogger and other malicious files behind on an infected Mac. These can be used for spying and stealing information from the victim’s Mac. We currently do not know how the malware is distributed.