Researchers at security firm Intezer say they’ve discovered an advanced piece of Linux malware that has escaped detection by antivirus products and appears to be actively used in targeted attacks.
HiddenWasp, as the malware has been dubbed, is a fully developed suite of malware that includes a trojan, rootkit, and initial deployment script. At the time Intezer’s post went live, the VirusTotal malware service indicated HiddenWasp wasn’t detected by any of the 59 antivirus engines it tracks, although some have now begun to flag it. Time stamps in one of the 10 files Intezer analyzed indicated it was created last month.
Some of the evidence analyzed—including code showing that the computers it infects are already compromised by the same attackers—indicated that HiddenWasp is likely a later stage of malware that gets served to targets of interest who have already been infected by an earlier stage. It’s not clear how many computers have been infected or how any earlier related stages get installed. With the ability to download and execute code, upload files, and perform a variety of other commands, the purpose of the malware appears to be to remotely control the computers it infects. That's different from most Linux malware, which exists to perform denial of service attacks or mine cryptocurrency.
One of the files uploaded to VirusTotal, a bash script that appears to have been used for testing purposes, led Intezer researchers to a different file. The new file included the user name and password for accounts that appear to have already been added to give attackers persistent access. This evidence led Intezer to believe the malware gets installed on machines that attackers have already compromised. It’s common for advanced malware to come in two or more stages in an attempt to keep infections from being detected and prevent unintended damage.
Both ClamAV and ESET NOD32 Antivirus for Linux are able to detect the malware.
Sent to us by: Roy W. Nash
Effective immediately, flying drones in Canada without a licence could mean fines of $1,000 for recreational users and $5,000 for commercial users.
There are two different types of licences now offered by Transport Canada: basic and advanced.
The basic category is meant for people who never fly in controlled airspace or within 30 metres horizontally of bystanders. The basic category requires passing a $10 online exam, registering with Transport Canada, marking the drone with its registration number, and carrying the pilot certificate whenever the drone is in use.
The advanced category requires all of the above, plus an in-person flight review and special permission from air traffic controllers whenever flying in controlled airspace.
Users must be 14 years of age or older to take the basic exam. They must be 16 or older to take the advanced exam.
Drones that weigh under 250 grams are exempt from licensing, and those that weigh more than 25 kilograms have their own set of rules.
Transport Canada also reminds pilots that drones need to be flown where the pilot can see them at all times, below 122 metres, at least 5.6 kilometres away from airports and no less than 1.9 kilometres from heliports.
Sent to us by: Bekah Ferguson
The Australian National University has fallen victim to a fresh breach in which intruders gained access to "significant amounts" of data stretching back 19 years.
The top-ranked university said it noticed about two weeks ago that hackers had accessed staff, visitor and student data, including names, addresses, dates of birth, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account details and passport details. It said the breach took place in "late 2018" – the same year it 'fessed up to another lengthy attack.
Academic records were also accessed.
University officials say, "The systems that store credit card details, travel information, medical records, police checks, workers' compensation, vehicle registration numbers, and some performance records have not been affected."
The news comes less than a year after the school admitted its networks had been hit by a months-long attack. At the time, the university said it had "been working in partnership with Australian government agencies for several months" to fend off the attack.
Vice-chancellor Brian Schmidt admitted that if the university had not made upgrades last year in the wake of the early 2018 attacks, this most recent breach would have gone undetected.
Schmidt described the attacker as a "sophisticated operator" and said the university had "no evidence that research work has been affected".
Sent to us by: Roy W. Nash
Look out: RoboCop is already starting to think. Scammers who use dating sites to trick people into handing over cash are being spotted with the help of artificial intelligence.
A neural network has analysed profiles, messages and images from real dating data to get better at spotting fakes.
It sampled age, gender and ethnicity as well as the language people use to describe themselves.
The results of the research are slightly mind-blowing. The AI system proved accurate at spotting scammers and fakes in a whopping 93% of cases.
Computer scientists in the UK, US and Australia collaborated on the AI-based system, which found that those making fake profiles were more likely to be men (60%) and had an average age of 50.
The system was trained using almost 15,000 profiles from a free dating website. The computer science project used data from the service because it publicly posts fake profiles when they are discovered.
Ultimately the team hopes to create an early warning system that can spot scammers as they set up accounts and begin the process of contacting victims.
The researchers said scams on dating sites and apps were hard to tackle because they were usually not large campaigns and were not generated automatically.
The researchers suggested their method could be harder to get around than some current approaches, which rely on blacklists and other basic technical tricks to thwart repeat offenders.
They added: "We aim to more broadly examine the available data on online dating fraud, seeking information actionable for enforcement and other countermeasures."
Sent to us by: Roy W. Nash