Security

'Slingshot' Malware That Hid For Six Years Spread Through Routers

An anonymous reader quotes a report from Engadget: Security researchers at Kaspersky Lab have discovered what's likely to be another state-sponsored malware strain, and this one is more advanced than most. Nicknamed Slingshot, the code spies on PCs through a multi-layer attack that targets MikroTik routers. It first replaces a library file with a malicious version that downloads other malicious components, and then launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive. Kaspersky describes these two elements as "masterpieces," and for good reason. For one, it's no mean feat to run hostile kernel code without crashes. Slingshot also stores its malware files in an encrypted virtual file system, encrypts every text string in its modules, calls services directly (to avoid tripping security software checks) and even shuts components down when forensic tools are active. If there's a common method of detecting malware or identifying its behavior, Slingshot likely has a defense against it. It's no wonder that the code has been active since at least 2012 -- no one knew it was there. Recent MikroTik router firmware updates should fix the issue. However, there's concern that other router makers might be affected.
Businesses

Trump Issues Order To Block Broadcom's Takeover of Qualcomm (bloomberg.com)

Bloomberg reports that President Donald Trump issued an executive order today blocking Broadcom from acquiring Qualcomm, "scuttling a $117 billion deal that had been subject to U.S. government scrutiny on national security grounds." From the report: The president acted on a recommendation by the Committee on Foreign Investment in the U.S., which reviews acquisitions of American firms by foreign investors. The decision to block the deal was unveiled just hours after Broadcom Chief Executive Officer Hock Tan met with security officials at the Pentagon in a last-ditch effort to salvage the transaction. "There is credible evidence that leads me to believe that Broadcom Ltd." by acquiring Qualcomm "might take action that threatens to impair the national security of the United States," Trump said in the order released Monday evening in Washington.
Yahoo!

Data Breach Victims Can Sue Yahoo in the United States, Federal Judge Rules (reuters.com)

Yahoo has been ordered by a federal judge to face much of a lawsuit in the United States claiming that the personal information of all 3 billion users was compromised in a series of data breaches. From a report: In a decision on Friday night, U.S. District Judge Lucy Koh in San Jose, California rejected a bid by Verizon Communications, which bought Yahoo's Internet business last June, to dismiss many claims, including for negligence and breach of contract. Koh dismissed some other claims. She had previously denied Yahoo's bid to dismiss some unfair competition claims.

[...] The plaintiffs amended their complaint after Yahoo last October revealed that the 2013 breach affected all 3 billion users, tripling its earlier estimate. Koh said the amended complaint highlighted the importance of security in the plaintiffs' decision to use Yahoo. "Plaintiffs' allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System," Koh wrote. She also said the plaintiffs could try to show that liability limits in Yahoo's terms of service were "unconscionable," given the allegations that Yahoo knew its security was deficient but did little.
