Siemens CT and PET Scanners Vulnerable to Cyberattacks
Aug08

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a warning about vulnerabilities in Siemens CT and PET scanner systems. Healthcare organizations have been put on alert and warned that there are publicly available exploits for all four of the vulnerabilities. If exploited, hackers would be able to alter the functioning of the devices, potentially placing patient safety...

Global Petya Ransomware Attacks involve Modified EternalBlue Exploit
Jun28

Global Petya ransomware attacks are underway, with the campaign bearing similar hallmarks to the WannaCry ransomware attacks in May. The attackers are using a modified EternalBlue exploit that takes advantage of the same SMBv1 vulnerability used in WannaCry. The ransomware bears a number of similarities to Petya ransomware, although this appears to be a new variant. Petya ransomware was first discovered last year, with the...

Patch Issued for Actively Exploited Drupal Vulnerability
Jun22

An actively exploited Drupal vulnerability – tracked as CVE-2017-6922 – has been patched this week. The flaw, which affects Drupal 7.x versions prior to 7.56 and 8.3.x versions prior to 8.3.4 (the releases that contain the fix), is an access bypass vulnerability that Drupal has been aware of since last October, although a patch has only just been issued. The flaw can be exploited on misconfigured websites, allowing anonymous users to upload files which are stored in a public file system...

Samba Vulnerability Could be Exploited in WannaCry Style Attacks
May29

A Samba vulnerability has been discovered that could potentially be exploited and used in network worm attacks akin to those used to deliver WannaCry ransomware on May 12. Samba is used on Unix and Linux systems to add Windows file and print sharing services as well as on many NAS devices. Samba can also be used as an Active Directory server for access control on Windows networks. Samba uses a protocol based on Windows Server Message...

Worldwide WannaCry Ransomware Attacks Reported
May13

There has been a massive spike in worldwide WannaCry ransomware attacks, with a new campaign launched on Friday. In contrast to past WannaCry ransomware attacks, this campaign leverages a vulnerability in Server Message Block 1.0 (SMBv1) that Microsoft patched in March (MS17-010), spreading between systems that have not applied the update without any user interaction. The exploit, EternalBlue, was not a zero day at the time of the attacks; it was allegedly developed by the National Security Agency (NSA), stolen, and published by the hacking group Shadow Brokers....

OCR Issues Warning to Healthcare Providers on Use of HTTPS Inspection Tools
Apr05

Many healthcare organizations use HTTPS inspection tools to monitor HTTPS connections for malware. These tools decrypt HTTPS traffic, inspect the content, and re-encrypt it before forwarding it on. They are deployed to enhance security, although a recent warning from the Department of Health and Human Services’ Office for Civil Rights highlights recent research indicating that HTTPS inspection tools could potentially...

FBI Warns Healthcare Providers of Risk of Using Anonymous FTP Servers
Mar28

Healthcare organizations could be placing the protected health information (PHI) of patients at risk by using anonymous FTP servers, according to a recent alert issued by the FBI. Cybercriminals are taking advantage of the lack of protection on such servers to gain access to PHI. Anonymous FTP servers allow data stored on the server to be accessed by anyone, without authentication. In anonymous mode, all that is required...
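
The quickest way to find out whether one of your own FTP servers is the kind the FBI alert describes is to audit its configuration. The following is an added example written for this page, not code from the FBI alert or from the vsftpd project: it parses a vsftpd.conf, applies the compiled-in defaults from vsftpd.conf(5), and lists the anonymous-access findings. The three configuration texts are constructed; the one caveat worth knowing is that vsftpd's default for anonymous_enable is YES, so a file that never sets it still accepts anonymous logins.

```python
"""Audit a vsftpd.conf for anonymous access (added example; configs constructed)."""

# Compiled-in defaults from vsftpd.conf(5) for the keys this audit checks.
DEFAULTS = {
    "anonymous_enable": "YES",          # anonymous logins permitted unless set to NO
    "anon_upload_enable": "NO",         # anonymous uploads (also needs write_enable=YES)
    "anon_mkdir_write_enable": "NO",    # anonymous directory creation
    "anon_other_write_enable": "NO",    # anonymous delete/rename
    "anon_world_readable_only": "YES",  # anonymous downloads limited to world-readable files
    "write_enable": "NO",               # master switch for any write command
}

# Constructed sample configurations, not taken from a real server.
WEAK_CONF = """\
# exposed: anyone can log in and drop files into the share
listen=YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_world_readable_only=NO
"""

SILENT_CONF = """\
# looks harmless, but anonymous_enable is never set, so the default (YES) applies
listen=YES
local_enable=YES
write_enable=YES
"""

HARDENED_CONF = """\
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
"""


def parse_vsftpd_conf(text):
    """Return {key: VALUE} for key=value lines; comments and blanks are skipped.
    Later lines override earlier ones, as vsftpd applies the file in order."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip().upper()
    return settings


def effective_settings(text):
    """Merge the parsed file over the compiled-in defaults."""
    eff = dict(DEFAULTS)
    eff.update({k: v for k, v in parse_vsftpd_conf(text).items() if k in DEFAULTS})
    return eff


def audit_vsftpd(text):
    """List the anonymous-access findings for a vsftpd.conf text (empty list = clean)."""
    eff = effective_settings(text)
    findings = []
    if eff["anonymous_enable"] != "NO":
        findings.append("anonymous logins permitted (anonymous_enable is YES or unset)")
        if eff["anon_world_readable_only"] == "NO":
            findings.append("anonymous users may download files that are not world-readable")
        if eff["write_enable"] == "YES":
            if eff["anon_upload_enable"] == "YES":
                findings.append("anonymous users may upload files")
            if eff["anon_mkdir_write_enable"] == "YES":
                findings.append("anonymous users may create directories")
            if eff["anon_other_write_enable"] == "YES":
                findings.append("anonymous users may delete or rename files")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("silent", SILENT_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {audit_vsftpd(conf) or ['no anonymous-access findings']}")
```

Run it against `/etc/vsftpd.conf` by reading the file into `audit_vsftpd`; an empty result means anonymous logins are off. The "silent" configuration is the one that catches people: nothing in it looks wrong, yet the server answers anonymous logins because the key was never set.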

US-CERT Says SSL Inspection Tools May Actually Weaken Cybersecurity
Mar24

SSL inspection tools are commonly used by healthcare providers to improve security; however, according to a recent warning issued by US-CERT, SSL inspection tools may actually weaken organizations’ defenses and make them more susceptible to man-in-the-middle attacks. The problem is not necessarily the SSL inspection tools themselves, but that organizations rely on those products to decide which connections can be...

PetrWrap Used for Targeted Ransomware Attacks on Businesses
Mar16

Petya ransomware has been hijacked and is being used in ransomware attacks on businesses without the ransomware authors’ knowledge. The criminals behind the new PetrWrap campaign have added a module that modifies Petya ‘on the fly’, taking control of the encryption process so that even the original Petya authors would not be able to unlock the encrypted files. Petya ransomware first appeared in May last year. The...

Actively Exploited Apache Struts Vulnerability Discovered
Mar10

The discovery of a new Apache Struts vulnerability that is being actively exploited in the wild has prompted both Cisco Talos and Apache to issue warnings to users. The zero-day vulnerability in the popular Java application framework was recently discovered by Cisco Talos researchers, and attacks have been occurring at a steady pace over the past few days. The Apache Struts vulnerability – CVE-2017-5638 – is in the Jakarta...

PowerShell Remote Access Trojan Uses DNS for 2-Way Communications with C2 Server
Mar07

A new PowerShell remote access Trojan has been identified by researchers at Cisco Talos. The memory-resident malware writes no files to disk and uses DNS TXT queries and responses for two-way communication with its C2 server, a channel most network monitoring does not inspect, which makes it difficult to detect. Infection occurs via a malicious Word document sent via email. Cisco Talos researchers said only 6 out of 54 AV engines recognized the malware. If the document is opened, the user...

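Detecting a DNS-based C2 channel like the one above is a matter of looking at query logs rather than files. The following is an added example for this page, not code from Cisco Talos or the malware author: it parses BIND-style query-log lines (constructed, not real traffic) and flags clients that issue bursts of TXT queries whose leftmost label is long and high-entropy, the shape an implant produces when it encodes data into the name it looks up. The thresholds are assumptions to tune per environment; ordinary SPF, DMARC and DKIM TXT lookups use short, readable labels and are included so the detector has to tell them apart.

```python
"""Flag hosts whose DNS query pattern looks like a TXT-record command channel.

Added example (not from the article or Cisco Talos); the log lines are constructed.
"""
import math
import re
from collections import defaultdict

# Constructed BIND-style query-log lines. 10.0.0.7 plays the infected host:
# bursts of TXT lookups whose first label is a long random string. 10.0.0.5 and
# 10.0.0.9 do ordinary SPF/DMARC/DKIM TXT lookups and must not be flagged.
SAMPLE_LOG = """\
13-Mar-2017 09:12:01.103 client 10.0.0.5#51234: query: www.example.com IN A + (10.0.0.1)
13-Mar-2017 09:12:02.220 client 10.0.0.5#51235: query: example.com IN TXT + (10.0.0.1)
13-Mar-2017 09:12:02.540 client 10.0.0.5#51236: query: _dmarc.example.com IN TXT + (10.0.0.1)
13-Mar-2017 09:12:03.001 client 10.0.0.7#40001: query: a9f3k2m1q7z8x4c6v5b2n1.s1.cmd-srv.net IN TXT + (10.0.0.1)
13-Mar-2017 09:12:03.412 client 10.0.0.7#40002: query: b7h2j9k4l1p0o3i8u6y5t2.s1.cmd-srv.net IN TXT + (10.0.0.1)
13-Mar-2017 09:12:04.077 client 10.0.0.7#40003: query: c4d8e2f6g0h3i7j1k5l9m2.s1.cmd-srv.net IN TXT + (10.0.0.1)
13-Mar-2017 09:12:04.690 client 10.0.0.7#40004: query: z1x2c3v4b5n6m7a8s9d0f1.s1.cmd-srv.net IN TXT + (10.0.0.1)
13-Mar-2017 09:12:05.100 client 10.0.0.7#40005: query: update.microsoft.com IN A + (10.0.0.1)
13-Mar-2017 09:12:06.001 client 10.0.0.9#33001: query: selector1._domainkey.example.com IN TXT + (10.0.0.1)
13-Mar-2017 09:12:06.300 client 10.0.0.9#33002: query: selector2._domainkey.example.com IN TXT + (10.0.0.1)
13-Mar-2017 09:12:06.700 client 10.0.0.9#33003: query: google._domainkey.example.org IN TXT + (10.0.0.1)
"""

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)")


def shannon_entropy(s):
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line):
    """Return (client, name, qtype) for a query line, or None for anything else."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    return m.group("client"), m.group("name").rstrip("."), m.group("qtype")


def client_stats(log_text):
    """Per client: TXT query count and the average length and entropy of the
    leftmost label of those queries (the part a beaconing implant controls)."""
    stats = defaultdict(lambda: {"txt": 0, "label_len": 0.0, "entropy": 0.0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed or parsed[2] != "TXT":
            continue
        client, name, _ = parsed
        label = name.split(".")[0]
        s = stats[client]
        s["txt"] += 1
        s["label_len"] += len(label)
        s["entropy"] += shannon_entropy(label)
    for s in stats.values():
        s["label_len"] /= s["txt"]
        s["entropy"] /= s["txt"]
    return dict(stats)


def find_suspects(log_text, min_txt=3, min_label_len=16, min_entropy=3.0):
    """Clients with at least min_txt TXT queries whose leftmost labels are, on
    average, at least min_label_len characters and min_entropy bits/char.
    The thresholds are assumptions; tune them against your own baseline."""
    return sorted(
        client for client, s in client_stats(log_text).items()
        if s["txt"] >= min_txt and s["label_len"] >= min_label_len and s["entropy"] >= min_entropy
    )


if __name__ == "__main__":
    for client, s in client_stats(SAMPLE_LOG).items():
        print(f"{client}: txt={s['txt']} avg_label_len={s['label_len']:.1f} avg_entropy={s['entropy']:.2f}")
    print("suspects:", find_suspects(SAMPLE_LOG))
```

Counting TXT queries alone is not enough: the mail-related lookups from 10.0.0.5 and 10.0.0.9 are legitimate, and only the combination of volume, label length and entropy singles out 10.0.0.7. Lowering the thresholds (for instance `min_label_len=5, min_entropy=2.0`) starts pulling the DKIM host in, which is the false-positive trade-off you tune against real logs.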
MacOS Malware Spread by Malicious Word Macros
Feb13

Security researchers have discovered that MacOS malware is being spread by malicious Word macros. This is the first time MacOS malware has been seen spreading via this attack vector. Windows users can expect to be attacked with malware, but Mac users have remained relatively safe: the vast majority of malware targets Windows, and attacks on Mac users are still relatively rare. However, MacOS malware does...

SMB File Sharing Protocol Flaw Published Before Patched
Feb06

An SMB file sharing protocol flaw in Windows has been publicly disclosed 12 days before Microsoft’s patch for it is due to be released. According to the researcher who published details of the flaw, Laurent Gaffié, Microsoft has known about the issue for three months yet has so far failed to patch it. If the SMB file sharing protocol flaw is exploited, an attacker would be able to crash Windows 10...

Security Flaws in Multi-Function Printers Could Lead to Password Theft
Feb03

Researchers at Ruhr University Bochum have discovered security flaws in multi-function printers that could be exploited remotely to shut down the printers or, worse, manipulate documents or steal passwords. It is also possible to exploit the flaws to cause physical damage to printers. The researchers have so far identified security flaws in multi-function printers manufactured by HP, Lexmark...

New Zero Day WordPress Vulnerability: Thousands of Websites at Risk
Feb02

A new zero day WordPress vulnerability has been discovered in the WordPress REST API that allows content injection and privilege escalation. If exploited, an unauthenticated user would be able to modify any content on a WordPress site, including adding malicious links or exploit kit redirects, turning harmless sites into malware- and ransomware-distributing websites. The new zero day WordPress vulnerability was recently...

Disk-Wiping Malware Used to Wipe Virtual Desktops
Jan13

Disk-wiping malware has been around for many years; however, a new variant of an old malware family has been discovered that is being used to target companies that have implemented a virtual desktop infrastructure (VDI). Rather than each employee using their own computer, each is given a virtual desktop hosted on a remote server. This arrangement is popular in data centers as it makes for easier management. One of the other...

Twitter Credit Card Phishing Scam Offers Quick Account Verification
Jan04

A new Twitter credit card phishing scam has been detected by cybersecurity firm Proofpoint. Twitter users are offered verified account status via native Twitter ads; however, signing up involves providing credit card details, which will be handed directly to the attackers. Achieving verified account status can be a long-winded process. Users of public interest accounts are required to complete multiple steps to verify the identity of...

Ransomware Attackers Target the Industrial Sector with KillDisk Variant
Dec29

Throughout 2016, ransomware gangs have targeted the healthcare sector with increased vigor. However, a new ransomware variant has been developed that is being used to attack industrial companies. Unlike other ransomware variants, the new threat does not merely lock files: companies are threatened with full disk deletion if they do not pay the ransom, and the malware is capable of doing just that. The malware variant used for...

Ticno Trojan Downloader Mimics Windows Dialog Box
Dec22

A new Trojan downloader has been identified by Russian antivirus firm Dr. Web, which installs malicious payloads – currently adware – behind a fake Windows ‘Save As’ dialog box. The malware, which has been named Trojan.Ticno.1537, covertly installs a range of adware and a malicious Google Chrome extension. The Ticno Trojan, which is downloaded by a separate piece of malware, is packaged with legitimate software in a single installation file....

Netgear Router Vulnerability Prompts US-CERT Warning to Stop Using the Devices
Dec13

A Netgear router vulnerability that has remained unpatched for three months has now been publicly disclosed, placing users at risk of their devices being hacked. So severe is the threat that US-CERT has issued a stern warning to all users of the affected devices, strongly advising them to stop using the devices. The CERT Coordination Center (CERT/CC) at Carnegie Mellon University assigned the Netgear router vulnerability a CVSS rating of 9.3 out of 10. An...

Popcorn Time Ransomware Offers Victims A Criminal Choice
Dec12

Ransomware authors are constantly developing new ways to spread their malicious software and pull in more ransom payments; however, Popcorn Time ransomware – a new ransomware variant recently discovered by researchers at MalwareHunterTeam – uses a tactic not seen before. Popcorn Time ransomware gives victims a choice: pay the ransom to regain access to their encrypted files, or obtain the decryption key for free. The catch? They need...

Holiday Season Malware Infections Double in 2016
Dec02

Holiday season malware infections are to be expected. Each year, as more shoppers head online, Windows malware infections increase. According to figures from Enigma Software Group (ESG), between Black Friday and Cyber Monday in 2015, malware infections were 84% higher than normal levels. This year, during the same period, malware infections were 118% higher than the level seen at other times of the year. Holiday season malware...

1.3 Million Google Accounts Compromised Due to Gooligan Malware Infection
Nov30

Israeli cybersecurity firm Check Point has discovered a new form of Android malware – Gooligan – that is spreading at an alarming rate. A Gooligan malware infection potentially gives attackers access to the Google account on the infected device and the data stored in Gmail, Google Drive, Google Photos, Google Play, G Suite and Google Docs. Already, more than 1.3 million Google accounts have potentially been compromised as a result of a...

New Ransomware Variant Blackmails Victims
Nov17

Researchers at Proofpoint have identified a new ransomware variant named Ransoc that uses different techniques to extort money from victims. Rather than encrypting a wide range of file types and demanding a ransom payment from the victims to supply a key to unlock data, the victims are blackmailed into making payment. Ransomware typically locks stored data with powerful encryption. Most common file formats are locked including...

Attackers Using ICMP Ping Floods to Take Down Enterprise Firewalls
Nov15

According to researchers at Danish telecom firm TDC, attackers are using ICMP floods to perform denial of service (DoS) attacks capable of taking down enterprise firewalls. In contrast to standard DDoS attacks, the attacker does not need an army of hacked devices to pull off the attack; it can be performed from a single laptop. Further, the mitigations put in place to counter traditional DDoS attacks...

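Because the attack described above needs so little bandwidth, a volumetric threshold on the uplink will not catch it; a per-source ICMP packet rate will. The following is an added example for this page, not code from TDC: it reads tcpdump-style ICMP summary lines (constructed in `build_sample_capture()`, not a real capture), counts packets per source per second across every ICMP message type, and reports sources over a threshold together with their dominant message type. The 100 packets/second threshold is an assumption; measure the firewall's own tolerance and set it below that.

```python
"""Spot an ICMP flood in tcpdump text output by per-source packet rate.

Added example, not from TDC's research; the capture lines are constructed.
"""
import re
from collections import Counter, defaultdict

# Matches tcpdump's default ICMP summary line, e.g.
# 09:12:01.100000 IP 10.0.0.5 > 10.0.0.1: ICMP echo request, id 1, seq 1, length 64
LINE_RE = re.compile(
    r"^(?P<sec>\d\d:\d\d:\d\d)\.\d+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP (?P<msg>.+), length \d+$"
)


def build_sample_capture():
    """Constructed capture: a workstation pinging its gateway once a second,
    plus 400 echo requests from one outside host inside a single second."""
    lines = []
    for i in range(3):
        lines.append(f"09:12:0{i}.100000 IP 10.0.0.5 > 10.0.0.1: ICMP echo request, id 1, seq {i + 1}, length 64")
        lines.append(f"09:12:0{i}.100500 IP 10.0.0.1 > 10.0.0.5: ICMP echo reply, id 1, seq {i + 1}, length 64")
    for i in range(400):
        lines.append(
            f"09:12:01.{200000 + i * 1000:06d} IP 203.0.113.9 > 198.51.100.1: "
            f"ICMP echo request, id 7, seq {i + 1}, length 64"
        )
    return "\n".join(lines)


def parse_icmp_line(line):
    """Return (second, src, message_type) for an ICMP line, else None.
    message_type is the text before the first comma: 'echo request',
    'echo reply', '<host> udp port 53 unreachable', and so on."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("sec"), m.group("src"), m.group("msg").split(",")[0]


def detect_floods(capture_text, threshold=100):
    """Return [(src, second, count, dominant_type)] for every source that sent
    more than `threshold` ICMP packets, of any type, within one second."""
    per_key = defaultdict(Counter)
    for line in capture_text.splitlines():
        parsed = parse_icmp_line(line)
        if parsed:
            sec, src, msg_type = parsed
            per_key[(src, sec)][msg_type] += 1
    hits = []
    for (src, sec), types in sorted(per_key.items()):
        total = sum(types.values())
        if total > threshold:
            hits.append((src, sec, total, types.most_common(1)[0][0]))
    return hits


if __name__ == "__main__":
    for src, sec, count, kind in detect_floods(build_sample_capture()):
        print(f"{sec} {src}: {count} ICMP packets/s, mostly '{kind}'")
```

Feed it live with `tcpdump -n -l icmp | python3 this_script.py`-style piping or a saved text capture. Counting all ICMP types rather than only echo requests matters here: the message type a given firewall is sensitive to is not necessarily a ping.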
Cybercriminals Calling Customer Service Reps to Convince them to Open Infected Email Attachments
Nov15

Training employees not to open file attachments sent from unknown email accounts can help prevent malware and ransomware infections. However, a well-known cybercriminal gang is increasing its infection rate by calling hotel and restaurant employees and asking them to open emails with infected attachments. Trustwave has recently issued a warning to hotel and restaurant chains advising them to be wary of the scam. The gang...

Locky Ransomware Campaign Targets OPM Data Breach Victims
Nov11

The actors behind Locky ransomware have started using data from the OPM data breaches of 2014 and 2015 as part of a new campaign to spread the cryptoransomware. It is unclear how much of the data has been obtained; in total, around 22 million records were stolen in the OPM breaches. The mass spam emails carry a malicious JavaScript file which, when run, downloads Locky onto the computer. Once installed, the ransomware can encrypt files on...

Microsoft Security Bulletins to End In January
Nov11

Do you rely on Microsoft Security Bulletins to keep abreast of new patches and fixes to known vulnerabilities? If so, you should get prepared for a change to how Microsoft makes its announcement of security fixes. In a recent blog post, Microsoft has confirmed that the Security Bulletins – as we know them – will be stopping in January 2017. From February 2017, all patches and security fixes will be added to the Microsoft Security...

New Business Email Compromise Scam Tactics Uncovered
Nov11

There are a variety of business email compromise (BEC) tactics used by scammers to convince executives to make fraudulent wire transfers. However, a security researcher from Symantec has noticed that some scammers have started taking a different approach to increase the success rate of BEC scams. The problem for the scammers is trust. While busy executives may be careless and fail to adequately check the legitimacy of bank transfer...

New LinkedIn Social Engineering Scam Uncovered
Nov10

Researchers at Heimdal Security have uncovered a new LinkedIn social engineering scam that attempts to get LinkedIn account holders to reveal their personal information. The attackers are after users’ financial data as well as identity documents such as passport and driver’s license numbers that can be used to commit identity theft. The attackers are using a common social engineering technique designed to scare...
