Month: September 2019

Enlarge / This site will not make America safer.

A "threat group" previously identified as being behind a set of attacks on IT providers in Saudi Arabia has now been spotted targeting US military veterans and companies with a malicious web page that purports to be an employment site. According to a report posted today by Cisco Talos researchers Warren Mercer, Paul Rascagneres, and Jungsoo An, the site offers a free desktop client—which is in fact a spyware installer.

Symantec identified the group in a threat intelligence post earlier this month. Called Tortoiseshell, the group has been connected with attacks on 11 companies, the majority of which are located in Saudi Arabia. All of the attacks used the same remote access tool, Backdoor.Syskit by Symantec, coded in both Delphi (the Object Pascal programming language originally introduced by Borland) and Microsoft .NET.

A very similar backdoor is part of a package dropped by the website discovered by Talos, hiremilitaryheroes.com. Still live, the site itself has no content other than three links to "try our desktop app for free"—for Windows 10, Windows 8.1 and Windows 8. The "app" is a fake installer, which, when the malware installation is complete, displays an error message that claims "your security solution is terminating connections to our servers."

Enlarge / That captive portal may be more captive than you know. (credit: John Moore / Getty Images)

Threat researchers at IBM X-Force IRIS have spotted activity by a known group of criminal web malware operators that appears to be targeting commercial layer 7 routers—the type typically associated with Wi-Fi networks that use "captive portals" to either require customer sign-in or charge for Internet access.

The group, called "Magecart 5," is one of several factions of criminal groups originally associated with the Magecart "web-skimmer", a class of JavaScript-based payment card stealing malware that has been used in the past to target customers on e-commerce websites. Ticketmaster, British Airways, and NewEgg customers were just some of the victims in a rash of exploits by Magecart rings in 2018, and the malware operators have continued to be active in 2019. According to researchers, hundreds of thousands of merchant sites have been compromised through attacks on third-party services.

In the past, Magecart attacks have focused on exploiting web infrastructure components of victims' e-commerce sites. In the case of British Airways and NewEgg, a web server was compromised, and the attackers added 22 new lines of code to an existing JavaScript library. The code redirected some traffic to a lookalike domain name used to capture payment data. In TicketMaster's case, it was a third-party service provider's server that was compromised. And in one attack on Umbro Brazil, two different Magecart gangs hit the site—with one sabotaging the other's skimming operations by feeding fake data.

Enlarge (credit: Valentina Palladino)

At this point, we all know what an Apple Watch is and what it does well. Apple knows that, too. So with the $399 Apple Watch Series 5, the company homed in on small features that could make a big difference when using the Watch on a daily basis.

You won't find a radically different looking smartwatch here, nor will you find a smartwatch with a lot of new moving parts or even a dramatically upgraded CPU. The Series 5 and watchOS 6 refine little details and push the Apple Watch even closer to being an independent device—and this is quite possibly the closest it will ever get to separating itself from the iPhone.

I've spent about one week with the Apple Watch Series 5 so far, and I can tell you up front that everything you liked about the Series 4 (and all models before it) still stands. Given that overlap, let's instead focus on the new features and improvements, which are almost all (unsurprisingly) solid but may not warrant an upgrade for those happy with their Series 3 or Series 4 Watches.