FormBook Malware Campaign Targets U.S. Organizations
Oct 11

Most FormBook malware attacks have targeted specific industry sectors in the United States and South Korea, but there is concern that the malware will be used in more widespread attacks around the globe. To date, the aerospace industry, defense contractors, and the manufacturing sector have been extensively targeted; however, attacks have not been confined to these sectors. The financial services, energy and utility companies,...

Microsoft Patches Actively Exploited Zero Day Vulnerabilities
Oct 11

This Patch Tuesday has seen Microsoft issue several updates for critical vulnerabilities, some of which are being actively exploited in the wild. Microsoft is urging companies to apply the patches immediately to keep their systems secure. Some of the vulnerabilities are easy to exploit, requiring little skill. In total, 62 vulnerabilities have been patched, including 33 that can result in remote code execution. Out of the 62...

New Rowhammer Exploit Enables Hackers to Bypass Mitigations
Oct 05

The Rowhammer exploit was first discovered in 2014 and was shown to allow attackers to take control of devices by targeting DRAM memory cells. Rowhammer attacks take advantage of the close proximity of memory cells, causing them to leak their charge and alter the content of neighboring memory cells. The attack involves delivering constant read-write operations using carefully crafted memory access patterns to continuously activate the...

3 Billion Accounts Compromised in 2013 Yahoo Data Breach
Oct 05

While the 2013 Yahoo data breach was soon known to involve many of the company’s customers, it became apparent in December 2016 that 1 billion accounts had been compromised. Before that, in September 2016, a separate breach was discovered that involved around half a billion email accounts. Now Verizon, which finalized the purchase of Yahoo this summer, has discovered the 2013 Yahoo data breach was far worse than initially thought....

Flusihoc Botnet Activity Increases, Delivering Crippling DDoS Attacks
Oct 05

The Flusihoc Botnet is being used for crippling DDoS attacks, some as high as 45 Gbps according to researchers at Arbor Networks. The botnet has been operational for at least two years, although activity has increased over the past few months, with more than 900 attacks conducted using the Flusihoc botnet over the past four months. The botnet has more than 48 active command and control servers, although there have been more than 154...

Ransomware and Phishing Rated Top Threats by IT Professionals
Oct 03

A recent survey by Cyren, conducted by Osterman Research, has revealed the biggest concerns of IT professionals are ransomware and phishing. When asked about their biggest security concerns, 62% said ransomware, 61% said phishing, and 54% said data breaches. The survey also showed that investment in cyber defenses has increased, yet for many firms, even further investment in security solutions has failed to prevent data breaches. It...

Piriform Alerts Users That CCleaner Contained Malware
Sep 19

Piriform’s CCleaner, a free PC cleaning app with 130 million users around the world, has been discovered to contain malware. Researchers at Cisco Talos recently announced that CCleaner contains a backdoor that was inserted by hackers. The backdoor was present in two versions of the application – the 32-bit version of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. The backdoor was inserted into those versions at least a month before...

Beware of Equifax Data Breach Phishing Scams
Sep 14

Consumers are being warned to be on high alert for Equifax data breach phishing scams, telephone and text message scams, and fraudulent use of their sensitive information.

Almost Half of All Americans Impacted by Equifax Data Breach

The massive Equifax data breach has resulted in the personal information of almost half of the population of the United States being stolen. More than 143 million Americans have been impacted by the...

LinkedIn Phishing Scam Uses InMail and Personal Messages to Obtain Sensitive Information
Sep 12

A new LinkedIn phishing scam has been detected that uses compromised LinkedIn Premium accounts to send InMail messages and private messages to other LinkedIn users. The messages appear genuine at first glance, but are being used to obtain email login credentials. Those email accounts will undoubtedly be used in more extensive phishing scams. Phishers have been gaining access to genuine LinkedIn accounts and using them to send InMail...

Equifax Data Breach Affects 143 Million Consumers
Sep 10

A massive Equifax data breach has resulted in the exposure, and possible theft, of 143 million Americans’ records, including highly sensitive data such as Social Security numbers. To put that figure into perspective, that’s virtually half the population of the United States. Hackers gained access to a website database via an unpatched vulnerability in a web application. Security experts are suggesting the vulnerability was in Apache...

Worldwide Cybersecurity Spending in 2017 to Exceed $86.4 Billion
Aug 17

Gartner has released a new report predicting worldwide cybersecurity spending in 2017 will reach $86.4 billion. The information security market is now the fastest growing sector and will increase by 7% by the end of 2017. Gartner predicts growth in the sector will be similar in 2018, with spending rising to $93 billion next year. Within the infrastructure protection segment, Gartner says the biggest growth will be in security testing....

NIST Revises Guidance on Passwords
Aug 17

The National Institute of Standards and Technology (NIST) has issued new guidance on passwords. It is standard practice to make passwords stronger by using a combination of capital letters, lower case letters, numbers and special characters. While that certainly makes it harder for cybercriminals to crack passwords using brute force methods, it also makes passwords particularly difficult to remember. In practice, forcing users to add...

Siemens CT and PET Scanners Vulnerable to Cyberattacks
Aug 08

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a warning about vulnerabilities in Siemens CT and PET scanner systems. Healthcare organizations have been put on alert and warned that there are publicly available exploits for all four of the vulnerabilities. If exploited, hackers would be able to alter the functioning of the devices, potentially placing patient safety...

Global Petya Ransomware Attacks involve Modified EternalBlue Exploit
Jun 28

Global Petya ransomware attacks are underway with the campaign bearing similar hallmarks to the WannaCry ransomware attacks in May. The attackers are using a modified EternalBlue exploit that takes advantage of the same SMBv1 vulnerability used in WannaCry. The ransomware variant bears a number of similarities to Petya ransomware, although this appears to be a new variant. Petya ransomware was first discovered last year, with the...

Patch Issued for Actively Exploited Drupal Vulnerability
Jun 22

An actively exploited Drupal vulnerability – tracked as CVE-2017-6922 – has been patched this week. The flaw, which affects Drupal 7.56 and 8.3.4, is being exploited. The flaw is an access bypass vulnerability that Drupal has been aware of since last October, although a patch has only just been issued. The flaw can be exploited on misconfigured websites, allowing anonymous users to upload files which are stored in a public file system...

Q2 Saw a 400% Increase in Phishing Attacks on Businesses
Jun 13

The threat from phishing has been growing steadily over the past few years, but a new report from Mimecast shows the threat is greater than ever before, with more phishing attacks on businesses than at any other time in history. The report shows there has been a 400% increase in phishing attacks on businesses in Q2, 2017. For the study, Mimecast analyzed the inbound emails of 44,000 business users. That analysis showed cybercriminals are...

Pacemaker Cybersecurity Protections Found Lacking
Jun 01

A recent study has found pacemaker cybersecurity protections not only to be lacking, but woefully inadequate. Many of the devices tested were discovered to contain thousands of software vulnerabilities, many of which could potentially be exploited by cybercriminals to gain access to the devices and their associated systems. Medical device security issues have long been a concern, yet little is being done to address the problems. In...

Samba Vulnerability Could be Exploited in WannaCry Style Attacks
May 29

A Samba vulnerability has been discovered that could potentially be exploited and used in network worm attacks akin to those used to deliver WannaCry ransomware on May 12. Samba is used on Unix and Linux systems to add Windows file and print sharing services as well as on many NAS devices. Samba can also be used as an Active Directory server for access control on Windows networks. Samba uses a protocol based on Windows Server Message...

Windows 7 Computers Worse Hit by WannaCry Ransomware
May 23

The WannaCry ransomware attacks are understood to have resulted in data being encrypted on around 300,000 computers in 150 countries. The attackers took advantage of unpatched software, exploiting a vulnerability in Microsoft Server Message Block 1.0 (SMBv1) using the EternalBlue exploit stolen from the NSA and published online by the hacking group Shadow Brokers. While a patch had been released by Microsoft to fix the vulnerability...

Dept. of Health Sends Out Warning Regarding Ransomware
May 21

Following the recent WannaCry ransomware attacks, the Department of Health and Human Services has been issuing cybersecurity alerts and warnings to healthcare organizations on the threat of attack and steps that can be taken to reduce risk. The email alerts were sent soon after the news of the attacks on the UK’s NHS first started to emerge on Friday May 12, and continued over the course of the week. The alerts provided timely and...

Wanna Decryptor Ransomware Encrypts Data on Medical Devices
May 18

Friday’s Wanna Decryptor ransomware campaign badly affected NHS hospitals in the United Kingdom, with 40 hospitals spread across at least 24 Trusts confirming they were affected and had data encrypted. However, some media reports claim as many as 48 of the 248 Trusts in the UK were impacted by the attack to some degree. Wanna Decryptor (WannaCry/WannaCrypt) attacks rapidly spread across the globe, with an estimated 200,000 victims...

WannaCry Ransomware Campaign Thwarted
May 15

The WannaCry ransomware campaign that saw 61 NHS Trusts in the UK attacked has been stopped thanks to the actions of a UK security blogger and malware researcher. The individual, who wishes to remain anonymous, found a kill switch for the ransomware that prevented it from encrypting files. The WannaCry ransomware campaign was launched on Friday May 12, 2017, with infections occurring at lightning speed. In contrast to many ransomware...

Worldwide WannaCry Ransomware Attacks Reported
May 13

There has been a massive spike in worldwide WannaCry ransomware attacks, with a new campaign launched on Friday. In contrast to past WannaCry ransomware attacks, this campaign leverages a vulnerability in Server Message Block 1.0 (SMBv1). Zero day exploits are commonly used by cybercriminals, although this one was allegedly developed by the National Security Agency (NSA) and was stolen and given to the hacking group Shadow Brokers....

Philadelphia Ransomware Used in Targeted Attacks on US Hospitals
Apr 11

Cybercriminals are conducting targeted attacks on U.S. healthcare organizations using Philadelphia ransomware, a relatively new ransomware variant developed from Stampado ransomware. Philadelphia ransomware was first seen in September 2016, although recently, a new campaign has been detected that has already seen two U.S. hospitals have sensitive files encrypted. The actors behind the latest attacks are targeting physicians using spear...

OCR Issues Warning to Healthcare Providers on Use of HTTPS Inspection Tools
Apr 05

Many healthcare organizations use HTTPS inspection tools to monitor HTTPS connections for malware. HTTPS inspection tools decrypt secure HTTPS network traffic and review content before re-encrypting traffic. HTTPS inspection tools are used to enhance security, although a recent warning from the Department of Health and Human Services’ Office for Civil Rights highlights recent research indicating HTTPS inspection tools could potentially...

74% of Organizations Vulnerable to Insider Threats
Apr 04

Spending on cybersecurity defenses has increased to reduce the risk of attacks by cybercriminals, yet organizations still feel vulnerable to insider threats. Furthermore, insider threats have increased in the past 12 months, according to a recent survey conducted on U.S. IT security professionals. 508 IT security professionals were surveyed by LinkedIn’s Information Security Community and Crowd Research Partners in a study conducted...

FBI Warns Healthcare Providers of Risk of Using Anonymous FTP Servers
Mar 28

Healthcare organizations could be placing the protected health information of patients at risk by using anonymous FTP servers, according to a recent alert issued by the FBI. Cybercriminals are taking advantage of the lack of protection on FTP servers to gain access to the PHI of patients. Anonymous FTP servers allow data stored on the server to be accessed by individuals without authentication. In anonymous mode, all that is required...

US-CERT Says SSL Inspection Tools May Actually Weaken Cybersecurity
Mar 24

SSL inspection tools are commonly used by healthcare providers to improve security; however, according to a recent warning issued by US-CERT, SSL inspection tools may actually weaken organizations’ defenses and make them more susceptible to man-in-the-middle attacks. It is not necessarily the SSL inspection tools that are the problem, more that organizations are relying on those solutions to advise them which connections can be...

PetrWrap Used for Targeted Ransomware Attacks on Businesses
Mar 16

Petya ransomware has been hijacked and is being used in ransomware attacks on businesses without the ransomware authors’ knowledge. The criminals behind the new PetrWrap campaign have added a new module to Petya ransomware that modifies the ransomware ‘on the fly’, controlling the encryption process so that even the ransomware authors would not be able to unlock the encryption. Petya ransomware first appeared in May last year. The...

Actively Exploited Apache Struts Vulnerability Discovered
Mar 10

The discovery of a new Apache Struts vulnerability that is being actively exploited in the wild has prompted both Cisco Talos and Apache to issue warnings to users. The zero-day vulnerability in the popular Java application framework was recently discovered by Cisco Talos researchers, and attacks have been occurring at a steady pace over the past few days. The Apache Struts vulnerability – CVE-2017-5638 – is in the Jakarta...

PowerShell Remote Access Trojan Uses DNS for 2-Way Communications with C2 Server
Mar 07

A new PowerShell remote access Trojan has been identified by researchers at Cisco Talos. The memory-resident malware does not write any files to the hard drive and it uses a novel method of communicating with its C2, making it almost impossible to detect. Infection occurs via a malicious Word document sent via email. Cisco Talos researchers said only 6 out of 54 AV engines recognized the malware. If the document is opened, the user...

Dharma Ransomware Decryptor Developed
Mar 02

Following the release of decryption keys this Wednesday, security researchers have developed a free Dharma ransomware decryptor. It is now possible for businesses and individuals who have had their files encrypted by Dharma ransomware to unlock their files without having to pay a ransom. Dharma ransomware has not been one of the most prevalent ransomware threats. There have been nowhere near as many infections as the likes of...

February Patch Tuesday Delayed as Microsoft Fixes Last Minute Issues
Feb 15

The Valentine’s Day update from Microsoft did not arrive yesterday as planned. February Patch Tuesday will be coming, just a little later than usual. The decision to bundle together updates means that if urgent flaws are not fixed in time, they would have to wait until the following month to be fixed. In this case, Microsoft has chosen to delay its monthly round of patches to make sure some serious issues are addressed and included in...

Windows Devices Used to Increase Size of Mirai Botnet
Feb 14

The Mirai Botnet was used to launch devastating distributed denial of service (DDoS) attacks late last year, some of which took down large sections of the Internet including some of the most popular websites – Twitter and Netflix for example. One Mirai attack on the hosting company OVH registered 1.1 Tbps. It has been predicted that attacks on that scale are likely to become much more common in 2017. The Botnet is comprised of...

MacOS Malware Spread by Malicious Word Macros
Feb 13

Security researchers have discovered that MacOS malware is being spread by malicious Word macros. This is the first time that MacOS malware has been discovered to be spread using this attack vector. Windows users can expect to be attacked with malware, but Mac users have remained relatively safe. The vast majority of malware targets Windows users, with malware attacks on Mac users still relatively rare. However, MacOS malware does...

HITRUST Threat Catalogue Helps Healthcare Industry Prioritize Cybersecurity Threats
Feb 10

The HITRUST Alliance has announced that the organization will be releasing the HITRUST Threat Catalogue in March, a new resource to help healthcare organizations improve security by aligning the wide range of current cybersecurity threats and risk factors with its Common Security Framework. The Health Insurance Portability and Accountability Act (HIPAA) requires all covered entities to conduct a risk assessment to identify the...

Phishing Attacks on Cloud Storage Providers Causing Concern
Feb 09

Phishing is one of the most common ways that cybercriminals gain access to sensitive data. While logins for online banking services are still a major prize, cybercriminals are now increasingly conducting phishing attacks on cloud storage providers. Software-as-a-service (SaaS) attacks have also soared. A recent report from PhishLabs shows the extent to which cloud storage providers are being targeted. In 2013, cloud storage and...

Beware of LNK Attachments and Malicious SVG Files
Feb 08

JavaScript attachments are still used to infect computers with malware and ransomware, but a new trend has emerged that is seeing cybercriminals switch to malicious SVG files. Malicious LNK files are also growing in popularity. The reasoning behind the switch in file types is clear. They are much less likely to arouse suspicion; therefore, they are more likely to be opened. JavaScript has been extensively used over the past 12 months...

IRS Issues W2 Phishing Scam Warning
Feb 07

Cybercriminals have been sending huge numbers of W2 phishing scam emails over the past few weeks. Tax season usually sees an increase in scam emails being sent, although this year cybercriminals have started their scamming campaigns even earlier. The victim count is also growing rapidly. The W2 phishing scam in question is an email request for copies of employees’ W-2 forms. The scammers impersonate the CEO, CFO or another executive...

SMB File Sharing Protocol Flaw Published Before Patched
Feb 06

An SMB file sharing protocol flaw in Windows has been publicly disclosed 12 days before a patch to correct the issue will be released by Microsoft. According to the researcher who published details of the flaw – Laurent Gaffié – Microsoft has known about the issue for 3 months yet has so far failed to patch the vulnerability. If the SMB file sharing protocol flaw is exploited, an attacker would be able to crash Windows 10...

Security Flaws in Multi-Function Printers Could Lead to Password Theft
Feb 03

Researchers at Ruhr University have discovered security flaws in multi-function printers that could be exploited remotely by hackers to shut down the printers, or worse, manipulate documents or steal passwords. It is also possible for hackers to exploit the flaws to cause physical damage to printers. The researchers have so far identified security flaws in multi-function printers manufactured by computer hardware giants HP, Lexmark...

New Zero Day WordPress Vulnerability: Thousands of Websites at Risk
Feb 02

A new zero day WordPress vulnerability has been discovered in the WordPress REST API that allows content injection and user privileges to be escalated. If exploited, an unauthenticated user would be able to modify any content on the WordPress sites, including adding malicious links or exploit kits, turning harmless sites into malicious malware and ransomware-downloading websites. The new zero day WordPress vulnerability was recently...

WebEx Browser Extension Flaw Patched by Cisco Systems
Jan 31

A WebEx browser extension flaw discovered by Google’s Tavis Ormandy has now been patched by Cisco Systems. The critical vulnerability affects the Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) browser extensions on Windows machines. Affected versions of the extension are the Cisco WebEx Extension for Google Chrome (earlier versions than 1.0.7), the ActiveTouch...

Beazley Report Details Biggest Security Threats in 2016
Jan 31

Beazley, a provider of cybersecurity insurance for businesses, has released a new report detailing the biggest security threats in 2016. For the report, Beazley analyzed almost 2,000 data breaches experienced by its clients in 2016. The report shows the extent to which ransomware was used to attack U.S. businesses last year. Ransomware attacks on businesses in the United States increased fourfold in 2016. In 2016, Beazley’s clients...

Gmail to Start Blocking JavaScript Attachments from February 2017
Jan 27

Blocking JavaScript attachments can help to reduce malware and ransomware infections, yet Google has resisted adding the file attachments to its banned list. However, that will now change from February 13, 2017. JavaScript files – those with extensions .JS and .JSE – are now commonly used by cybercriminals to infect computers with malware. Over the course of the past two years, malicious JavaScript files have been one of the preferred...

Over 220 Trend Micro Security Vulnerabilities Discovered in 6 Months
Jan 27

Two security researchers have discovered more than 220 Trend Micro security vulnerabilities in the past 6 months. 194 of those vulnerabilities were rated as critical and could potentially allow hackers to remotely execute code without any need for user interaction. The vulnerabilities are spread across 11 different products produced by the cybersecurity firm, and one of those vulnerabilities, which affects Trend Micro’s Data Loss...

Worst Passwords of 2016 Revealed
Jan 24

The worst passwords of 2016 have been revealed by SplashData. This year’s report shows the same mistakes are still being made by end users. Even though the use of weak passwords is a major security risk, end users are still opting for passwords that are easy to remember and simplicity is often favored over security. To compile the list of the worst passwords of 2016, SplashData researchers trawled through millions of stolen...

Biomedical Research Labs Targeted with Ancient Mac Malware
Jan 20

Security researchers have discovered a new Mac malware that is being used in targeted attacks on biomedical research organizations. However, while the malicious code is new to security researchers, it is not a new threat to research organizations. The Mac malware is believed to have been stealing secrets for many years. The malware, named Fruitfly by Apple, was discovered by an IT admin at Malwarebytes. Malwarebytes calls the Mac...

Disk-Wiping Malware Used to Wipe Virtual Desktops
Jan 13

Disk-wiping malware has been around for many years; however, a new variant of an old malware family has been discovered that is being used to target companies that have implemented a virtual desktop infrastructure (VDI). Rather than each individual employee using their own computer, each is set up with a virtual desktop on a remote server. This arrangement is popular in data centers as it makes for easier management. One of the other...

Attacks on Misconfigured MongoDB Databases Soar
Jan 12

Over the past two weeks, there has been a spate of attacks on misconfigured MongoDB databases with the attackers wiping data and issuing Bitcoin ransom demands to return the contents of stolen databases. The attacks started on or around December 27, 2016, with one malicious actor believed to have been targeting organizations running unprotected MongoDB databases. By January 6, 2017, that individual had attacked 13 companies. That...

13 Updates Issued by Adobe: 42 Critical Flash, Reader and Acrobat Flaws Addressed
Jan 11

The first Patch Tuesday of 2017 has seen Adobe issue 13 updates for Adobe Flash, Adobe Acrobat, and Adobe Reader. The updates address 42 critical vulnerabilities, although exploits are not thought to currently exist in the wild. That said, now the patches have been released, it is only a matter of time before exploits are developed. The updates are spread across two bulletins: APSB17-01 for Acrobat and Reader and APSB17-02 for Adobe...

January 2017 Patch Tuesday: Four Updates Issued by Microsoft
Jan 11

January 2017 Patch Tuesday sees one of the lightest updates for Microsoft. The updates are spread across just four security bulletins, two of which have been marked as critical. The updates deal with three exploits affecting Microsoft products directly: Microsoft Edge, MS Office and Windows. The fourth update is for Adobe Flash and updates the Edge and IE browsers. The two critical security bulletins are for Microsoft Office and the...

FDA Confirms Vulnerabilities in St. Jude Medical Devices
Jan 10

The United States Food and Drug Administration (FDA) has completed its investigation into claims that vulnerabilities in St. Jude Medical devices could be remotely exploited by hackers wishing to cause patients harm. Last summer, Muddy Waters published a damning report on ‘stunning’ security vulnerabilities in St. Jude Medical devices that posed a serious risk to patients. The short selling firm had been contacted by a cybersecurity...

Global Cybercrime Costs Will Top $6 Trillion in 5 Years
Jan 04

A recent report published by Cybersecurity Ventures suggests global cybercrime costs will double over the next five years. Global cybercrime costs in 2015 are estimated to have reached $3 trillion. The damage inflicted by cybercriminals has been predicted to top $6 trillion by 2021. The managed security services provider (MSSP) and advisory firm calculated the damages from theft of intellectual property and data, financial fraud,...

Twitter Credit Card Phishing Scam Offers Quick Account Verification
Jan 04

A new Twitter credit card phishing scam has been detected by cybersecurity firm Proofpoint. Twitter users are offered verified account status via native Twitter ads; however, signing up involves providing credit card details, which will be handed directly to the attackers. Achieving verified account status can be a long-winded process. Users of public interest accounts are required to complete multiple steps to verify the identity of...

Switcher Trojan Infects Wi-Fi Routers via Android Mobiles
Jan 03

An incredibly dangerous new Trojan has been detected by Kaspersky Lab which is being used to attack Wi-Fi routers via Android devices. The new malware – named the Switcher Trojan – is currently only being used to attack routers in China, although Kaspersky Lab researchers warn that this new malware signals a dangerous new trend – one that could well become a global problem. The typical way that hackers gain control of Wi-Fi...

Read More
New Leet Botnet Used in 650Gbps DDoS Attack
Jan02

New Leet Botnet Used in 650Gbps DDoS Attack

A new botnet has been discovered that almost rivals Mirai: the Leet botnet is capable of performing DDoS attacks of at least 650 Gbps. 2016 has seen an increase in DDoS attacks on organizations, not only in frequency but also in scale. The Mirai botnet was used to conduct massive DDoS attacks on a number of websites and online platforms towards the end of the year. KrebsOnSecurity was attacked, with the DDoS assault registering 620...

Read More
Ransomware Attackers Target the Industrial Sector with KillDisk Variant
Dec29

Ransomware Attackers Target the Industrial Sector with KillDisk Variant

Throughout 2016, ransomware gangs have targeted the healthcare sector with increasing vigor. However, a new ransomware variant has been developed that is being used to attack industrial companies. The new threat does not permanently lock files as other ransomware variants do. Instead, companies are threatened with full disk deletion if they do not pay the ransom, and the ransomware is capable of doing just that. The malware variant used for...

Read More
Final Cybersecurity Guidance on Medical Devices Issued by FDA
Dec27

Final Cybersecurity Guidance on Medical Devices Issued by FDA

Final cybersecurity guidance on medical devices has been issued by the U.S. Food and Drug Administration (FDA). The 30-page document augments previous guidance published by the FDA in 2014 and is intended to help manufacturers of medical devices implement policies, procedures, and controls to secure postmarket devices. Previous guidance has covered security controls and policies that should be implemented to ensure medical devices are...

Read More
Microsoft Admits Its Windows 10 Update Policy Was Too Aggressive
Dec26

Microsoft Admits Its Windows 10 Update Policy Was Too Aggressive

The aggressive tactics Microsoft used to push its Windows 10 upgrade annoyed many users. Many felt they were being bombarded with messages telling them to upgrade on security grounds. The frequency with which dialog boxes popped up on screen, and the inability to remove or suppress the notifications, angered many Windows 7 and Windows 8 users. During a weekly podcast, Chris Capossela, Microsoft’s...

Read More
Ticno Trojan Downloader Mimics Windows Dialog Box
Dec22

Ticno Trojan Downloader Mimics Windows Dialog Box

A new Trojan downloader has been identified by Russian antivirus firm Dr. Web which installs malicious payloads, currently adware, using a pop-up that mimics the Windows ‘Save As’ dialog box. The malware, which has been named Trojan.Ticno.1537, covertly installs a range of adware and a malicious Google Chrome extension. The Ticno Trojan, which is downloaded by separate malware, is packaged with legitimate software in a single installation file....

Read More
Samsa Ransomware Nets Criminals at Least $450,000 in a Year
Dec16

Samsa Ransomware Nets Criminals at Least $450,000 in a Year

The cybercriminals behind the SamSa ransomware variant have extorted at least $450,000 from businesses and consumers over the past 12 months, according to a recent report from Palo Alto Networks’ Unit 42 team. Researchers were able to calculate the cybercriminals’ minimum earnings by monitoring the Bitcoin wallet addresses used by the attackers. Palo Alto Networks was able to see...

Read More
70% of Businesses Infected With Ransomware Pay Up
Dec16

70% of Businesses Infected With Ransomware Pay Up

A recent study conducted on behalf of IBM Security has clearly demonstrated why ransomware has proved so popular with cybercriminals. Out of 600 businesses that were surveyed, almost half reported having experienced a ransomware attack. Out of those that had, 70% paid the attackers for the decryption keys. Ransom demands are typically around $700 per infected device, although the amounts charged can vary considerably....

Read More
December 2016 Adobe Patch Fixes Actively Exploited Vulnerability
Dec14

December 2016 Adobe Patch Fixes Actively Exploited Vulnerability

An actively exploited vulnerability in Adobe Flash has now been patched. The December 2016 Adobe patch also fixes a further 16 Flash vulnerabilities rated as critical and 8 flaws in other Adobe products. In total, the latest update addresses 31 separate vulnerabilities across nine different Adobe products. The December 2016 patch has been released for Windows, Macintosh, Linux, and Chrome OS. Users have been advised to apply the...

Read More
Netgear Router Vulnerability Prompts US-CERT Warning to Stop Using the Devices
Dec13

Netgear Router Vulnerability Prompts US-CERT Warning to Stop Using the Devices

A Netgear router vulnerability that has remained unpatched for three months has now been publicly disclosed, placing users at risk of their devices being hacked. So severe is the threat that the CERT Coordination Center (CERT/CC) at Carnegie Mellon University has issued a stern warning to all users of the affected devices, strongly advising them to stop using the devices until a fix is available. CERT/CC assigned the Netgear router vulnerability a CVSS score of 9.3 out of 10. An...

Read More
Windows XP Use Places 90% of UK Hospitals at Risk of Cyberattack
Dec13

Windows XP Use Places 90% of UK Hospitals at Risk of Cyberattack

Hospitals throughout the United Kingdom are still using the outdated, unsupported, and unpatched Windows XP, even though doing so places their networks at risk of attack. A recent study conducted by Citrix shows that 9 out of 10 National Health Service Trusts in the United Kingdom still have Windows XP machines in use. Microsoft has released Windows Vista, Windows 7, Windows 8, and Windows 10 since Windows XP, and support for the XP...

Read More
Windows 8 and 10 Update Knocks Users Offline?
Dec13

Windows 8 and 10 Update Knocks Users Offline?

Internet Service Providers in the UK and Belgium have been flooded with calls from disgruntled customers who have been prevented from accessing the Internet over the weekend. The problem has been attributed to a flawed update that was automatically installed by Microsoft. The problems started last week with customers of ISPs BT, Plusnet, and TalkTalk experiencing intermittent Internet access, while Sky and Virgin Media customers also...

Read More
December 2016 Patch Tuesday Addresses 6 Critical Vulnerabilities
Dec13

December 2016 Patch Tuesday Addresses 6 Critical Vulnerabilities

December 2016 Patch Tuesday saw Microsoft correct 34 separate flaws across 12 bulletins. Six bulletins are rated critical; the remaining six are rated important. The December release rounds off a year that has been a record-breaker for Microsoft: more Windows patch bulletins have been released in 2016 than in any past year. The number of patch bulletins released in 2016 is 15% higher than last year, which was also a record...

Read More
Popcorn Time Ransomware Offers Victims A Criminal Choice
Dec12

Popcorn Time Ransomware Offers Victims A Criminal Choice

Ransomware authors are constantly developing new ways to spread their malicious software and pull in more ransom payments; however, Popcorn Time ransomware – a new ransomware variant recently discovered by researchers at MalwareHunterTeam – uses tactics never before seen. Popcorn Time ransomware gives victims a choice: Pay the ransom and regain access to their encrypted files or obtain the decryption key for free. The catch? They need...

Read More
Three New Linux Kernel Vulnerabilities Uncovered
Dec12

Three New Linux Kernel Vulnerabilities Uncovered

Three new Linux kernel vulnerabilities have been uncovered by security researchers which could be exploited to crash Linux systems or to run arbitrary code. While older kernels contain numerous known flaws, one of the new vulnerabilities affects current releases of major distributions, including Fedora, Red Hat Enterprise Linux (RHEL) 7, and Ubuntu. CVE-2016-8655,...

Read More
323,000 New Malware Samples Being Discovered Every Day
Dec09

323,000 New Malware Samples Being Discovered Every Day

According to the latest figures from Kaspersky Lab, there are now more than 323,000 new malware samples being released every day: An increase of 13,000 per day compared to last year and 253,000 more malicious files per day than in 2011. Kaspersky Lab’s cloud database now contains the signatures for more than 1 billion forms of malware. The massive rise in new forms of malware is due to more sophisticated means of creating new malware....

Read More
Insider Breach Threat Main Concern of Half of IT Professionals
Dec02

Insider Breach Threat Main Concern of Half of IT Professionals

Almost half of IT professionals believe the insider breach threat is more of a concern than the threat posed by hackers. Hackers may pose a major risk to data security, but it is the insider breach threat that is most difficult to deal with. IT security solutions can be purchased to secure the network perimeter, but protecting data from internal attacks and accidental breaches is a major challenge. 49% of IT professionals that...

Read More
Holiday Season Malware Infections Double in 2016
Dec02

Holiday Season Malware Infections Double in 2016

Holiday season malware infections are to be expected. Each year, as more shoppers head online, Windows malware infections increase. According to figures from Enigma Software Group (ESG), between Black Friday and Cyber Monday in 2015, malware infections were 84% higher than normal levels. This year, during the same period, malware infections were 118% higher than the level seen at other times of the year. Holiday season malware...

Read More
IBM Reports Increase in VOIP Cyber Attacks
Dec01

IBM Reports Increase in VOIP Cyber Attacks

A new report by IBM’s Security Intelligence team shows there has been an increase in VOIP cyber attacks in 2016, with a significant increase in the second half of the year. The majority of VOIP cyber attacks in the past month (51.47%) targeted systems using the Session Initiation Protocol (SIP), one of the most common VOIP protocols in use. 48.39% of attacks affected Cisco’s Skinny Client Control Protocol (SCCP): The...

Read More
1.3 Million Google Accounts Compromised Due to Gooligan Malware Infection
Nov30

1.3 Million Google Accounts Compromised Due to Gooligan Malware Infection

Israeli cybersecurity firm Check Point has discovered a new form of Android malware, Gooligan, that is spreading at an alarming rate. A Gooligan malware infection potentially gives attackers access to the Google account on the infected device and the data stored in Gmail, Google Drive, Google Photos, Google Play, G Suite, and Google Docs. Already, more than 1.3 million Google accounts have potentially been compromised as a result of a...

Read More
Princess Locker Ransomware Decryptor Released
Nov24

Princess Locker Ransomware Decryptor Released

A security researcher from Poland, hasherezade, has released a Princess Locker ransomware decryptor, which has been made available for victims of the ransomware to use free of charge. Princess Locker ransomware is currently being offered to cybercriminals on darknet marketplaces under a ransomware-as-a-service model. While not one of the most prevalent forms of ransomware, it still posed a significant threat until the...

Read More
What are the Highest Risk IoT Devices for Enterprises?
Nov18

What are the Highest Risk IoT Devices for Enterprises?

Internet-connected devices can introduce considerable security risks, but what are the highest risk IoT devices for enterprises? According to a new report from cloud-based information security company Zscaler, the highest risk IoT devices for enterprises are surveillance cameras – devices that are purchased and installed to decrease risk. Unfortunately, while surveillance cameras can be used to reduce the risk of theft of equipment,...

Read More
New Ransomware Variant Blackmails Victims
Nov17

New Ransomware Variant Blackmails Victims

Researchers at Proofpoint have identified a new ransomware variant named Ransoc that uses different techniques to extort money from victims. Rather than encrypting a wide range of file types and demanding a ransom payment from the victims to supply a key to unlock data, the victims are blackmailed into making payment. Ransomware typically locks stored data with powerful encryption. Most common file formats are locked including...

Read More
70% of IT Pros are Concerned about Cloud Security Risks
Nov17

70% of IT Pros are Concerned about Cloud Security Risks

More organizations are now taking advantage of the benefits of the cloud, yet 70% of IT professionals are concerned about cloud security risks, according to the second global Cloud Security Survey from Netwrix Corp. The biggest concern is the potential for sensitive data to be accessed by employees of cloud service providers and third parties. 69% of respondents said unauthorized access was their biggest concern. Malware was also...

Read More
CrySis Ransomware Decryptor Released
Nov15

CrySis Ransomware Decryptor Released

Researchers at Kaspersky Lab have released a CrySis ransomware decryptor that will allow the recovery of files encrypted by CrySis ransomware versions 2 and 3 without victims having to pay a ransom. Rather than release a separate CrySis ransomware decryptor, Kaspersky Lab incorporated the master decryption keys into the Rakhni decryptor, which is available for download from the No More Ransom website. The master decryption keys were...

Read More
Attackers Using ICMP Ping Floods to Take Down Enterprise Firewalls
Nov15

Attackers Using ICMP Ping Floods to Take Down Enterprise Firewalls

According to researchers from Danish telecom firm TDC, attackers are using ICMP ping floods to perform Denial of Service (DoS) attacks which are capable of taking down enterprise firewalls. In contrast to standard DDoS attacks, the attacker does not need to use an army of hacked devices to pull off the attack. It can be performed using a single laptop computer. Further, the mitigations put in place to counter traditional DDoS attacks...

Read More
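The TDC item above makes the point that an ICMP flood aimed at a firewall can come from a single machine, so the usual volumetric (bits per second, many sources) thresholds may never trip. The signal a defender can actually use is ICMP packets per second from one source. The script below is an added example, not code from TDC or from the article: it parses firewall log lines in a hypothetical format (the regex is the only part tied to that format), buckets ICMP packets by source and one-second window, and flags sources whose peak rate crosses a threshold. The log lines, IP addresses and the 100 packets/s threshold are constructed for the example; a real threshold has to come from the firewall's measured ICMP processing capacity.

```python
"""Rate-based ICMP flood detection over firewall log lines (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Hypothetical firewall log layout, constructed for this example.
# Adapt LINE_RE to the real device's syslog format; nothing else depends on it.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\S+) proto=(?P<proto>\S+)"
    r"(?: type=(?P<type>\d+) code=(?P<code>\d+))? src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def peak_icmp_pps(lines, window_seconds=1):
    """Return {src_ip: highest ICMP packet count seen in any window}.

    The metric is packets per second, not bits per second: an ICMP flood from
    one laptop is tiny in bandwidth terms and will not trip a volumetric
    threshold, but it still costs the firewall a lookup per packet.  Any ICMP
    type is counted, so the detector is not limited to echo requests.
    """
    per_bucket = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != "ICMP":
            continue
        bucket = int(rec["ts"].timestamp()) // window_seconds
        per_bucket[(rec["src"], bucket)] += 1
    peak = defaultdict(int)
    for (src, _bucket), count in per_bucket.items():
        peak[src] = max(peak[src], count)
    return dict(peak)


def flag_icmp_floods(lines, pps_threshold=100):
    """Sources whose peak ICMP rate reaches pps_threshold (placeholder value)."""
    return {src: pps for src, pps in peak_icmp_pps(lines).items() if pps >= pps_threshold}


def build_sample_log():
    """Constructed sample, not captured traffic: one host sends 150 echo requests
    inside a single second; a second host pings once a second and also talks TCP."""
    base = datetime(2016, 11, 15, 10, 0, 0)
    lines = []
    for i in range(150):
        ts = base + timedelta(microseconds=i * 6000)  # spans 0.000 s .. 0.894 s
        lines.append(f"{ts.isoformat()} fw1 DROP proto=ICMP type=8 code=0 src=203.0.113.7 dst=192.0.2.1")
    for i in range(5):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} fw1 ACCEPT proto=ICMP type=8 code=0 src=198.51.100.4 dst=192.0.2.1")
        lines.append(f"{ts.isoformat()} fw1 ACCEPT proto=TCP src=198.51.100.4 dst=192.0.2.1")
    return lines


if __name__ == "__main__":
    for src, pps in flag_icmp_floods(build_sample_log()).items():
        print(f"ICMP flood candidate: {src} peaked at {pps} packets/s")
```

Run on the constructed sample, only 203.0.113.7 is flagged (150 packets in one window); the host pinging once a second peaks at 1. Because the firewall is the target, the log source should be a tap or an upstream router as well as the firewall itself, since a firewall under this kind of load may stop logging before it stops forwarding.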
Cybercriminals Calling Customer Service Reps to Convince them to Open Infected Email Attachments
Nov15

Cybercriminals Calling Customer Service Reps to Convince them to Open Infected Email Attachments

Training employees not to open file attachments sent from unknown email accounts can help to prevent malware and ransomware infections. However, a well-known cybercriminal gang is increasing the number of infections by calling hotel and restaurant employees and asking them to open emails with infected attachments. Trustwave has recently issued a warning to hotel and restaurant chains advising them to be wary of the scam. The gang...

Read More
Locky Ransomware Campaign Targets OPM Data Breach Victims
Nov11

Locky Ransomware Campaign Targets OPM Data Breach Victims

The actors behind Locky ransomware have started using data from the OPM data breaches of 2014 and 2015 as part of a new campaign to spread cryptoransomware. It is unclear how much of the data has been obtained, although in total, 22 million user records were stolen in the OPM data breach. The mass spam emails contain a malicious JavaScript file which downloads Locky onto computers. Once installed the ransomware can encrypt files on...

Read More
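The Locky campaign above delivers a JavaScript file that downloads the ransomware, and such files are usually wrapped in a zip so that the mail gateway sees an archive rather than a script. The code below is an added example of the gateway-side check a defender would want, not code from the article or from any vendor: it opens an attachment in memory, looks for script extensions (including double extensions such as `.PDF.js` and nested archives), and treats encrypted members as suspicious because they cannot be inspected. The extension list beyond `.js`, the sample archive and its file names are assumptions constructed for the example.

```python
"""Flag script attachments, including scripts hidden inside zip archives (added example)."""
import io
import zipfile

# Extensions Windows hands to the Script Host or runs directly on double-click.
# The article mentions only .js; the rest are commonly abused the same way (assumption).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".cmd", ".bat", ".ps1"}


def is_script_name(name):
    """True if the final extension is a script type; handles 'invoice.pdf.js' and mixed case."""
    lowered = name.lower()
    return any(lowered.endswith(ext) for ext in SCRIPT_EXTENSIONS)


def risky_archive_members(data, depth=0, max_depth=2):
    """Names of script members inside a zip, recursing into nested zips up to max_depth.

    Encrypted members are reported too: a gateway that cannot look inside an
    archive should not pass it on the assumption that it is harmless.
    """
    found = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:  # general-purpose bit 0: member is encrypted
                    found.append(f"{info.filename} (encrypted, not inspectable)")
                elif is_script_name(info.filename):
                    found.append(info.filename)
                elif info.filename.lower().endswith(".zip") and depth < max_depth:
                    inner = risky_archive_members(zf.read(info), depth + 1, max_depth)
                    found.extend(f"{info.filename}/{name}" for name in inner)
    except zipfile.BadZipFile:
        return []  # not a zip at all; other checks decide what to do with it
    return found


def should_quarantine(filename, data):
    """Decision for one attachment: (quarantine?, reasons).

    Bare scripts are blocked outright; archives are blocked when they contain
    a script or an encrypted member.  Everything else passes this check.
    """
    if is_script_name(filename):
        return True, [filename]
    if filename.lower().endswith(".zip"):
        members = risky_archive_members(data)
        return bool(members), members
    return False, []


def build_sample_attachment():
    """Constructed sample: a zip shaped like a JS downloader lure. Contents are inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("OPM_notification_2016.PDF.js", "// inert placeholder, not real malware\n")
        zf.writestr("readme.txt", "cover text\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(should_quarantine("notification.zip", build_sample_attachment()))
    print(should_quarantine("report.pdf", b"%PDF-1.4 ... (constructed, not a real PDF)"))
```

The check is deliberately name-based: a `.js` file does not need a valid header to run when double-clicked, so content sniffing adds little here. Limits on archive size and nesting depth belong in any real deployment; `max_depth` is the only guard this example carries.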
Microsoft Security Bulletins to End In January
Nov11

Microsoft Security Bulletins to End In January

Do you rely on Microsoft Security Bulletins to keep abreast of new patches and fixes to known vulnerabilities? If so, you should prepare for a change to how Microsoft announces security fixes. In a recent blog post, Microsoft confirmed that the Security Bulletins, as we know them, will stop in January 2017. From February 2017, all patches and security fixes will be added to the Microsoft Security...

Read More
New Business Email Compromise Scam Tactics Uncovered
Nov11

New Business Email Compromise Scam Tactics Uncovered

There are a variety of business email compromise tactics that are used by scammers to convince executives to make fraudulent wire transfers. However, a security researcher from Symantec has noticed some scammers have started taking a different approach to increase the success rate of BEC scams. The problem for the scammers is trust. While busy executives may be careless and fail to adequately check the legitimacy of bank transfer...

Read More
New LinkedIn Social Engineering Scam Uncovered
Nov10

New LinkedIn Social Engineering Scam Uncovered

Researchers at Heimdal Security have uncovered a new LinkedIn social engineering scam that attempts to get the LinkedIn account holders to reveal their personal information. The attackers are trying to gain access to users’ financial data as well as identity documents such as passport and driver’s license numbers that can be used to commit identity theft. The attackers are using a common social engineering technique designed to scare...

Read More
Google Takes Action Against Websites that Repeatedly Serve Malware
Nov09

Google Takes Action Against Websites that Repeatedly Serve Malware

Google is to take action against websites that are repeatedly used to serve malware, unwanted software, or are used to phish for information. Once a website has been identified as a repeat offender, visitors to the website that use the Chrome browser will be served a warning alerting them that the site is being used to distribute malware. Site owners will be given the opportunity to clean their sites and have the warning removed, but...

Read More
Patch Tuesday Sees 68 Microsoft Vulnerabilities Fixed
Nov08

Patch Tuesday Sees 68 Microsoft Vulnerabilities Fixed

Microsoft has fixed 68 vulnerabilities this Patch Tuesday – including six that have been rated critical. The updates are spread across 14 security bulletins. The updates include fixes for two vulnerabilities that are currently being actively exploited, one of which (CVE-2016-7255) was announced by Google late last month. Google took the decision to announce the vulnerability within 10 days of alerting Microsoft to the issue, even...

Read More
Joomla Website Attacks Increase as Hackers Reverse Engineer Patches
Oct31

Joomla Website Attacks Increase as Hackers Reverse Engineer Patches

Two recently discovered critical vulnerabilities in the Joomla content management system are now being used by hackers in a wave of attacks on Joomla websites. While the vulnerabilities were not believed to have been exploited last week, that is no longer the case. Following the release of any Joomla patch, hackers are quick to take advantage. Attacks on unpatched sites usually start within a matter of hours after a patch has been...

Read More
Netskope Performs Analysis of CloudFanta Malware
Oct27

Netskope Performs Analysis of CloudFanta Malware

A new report published by Netskope Threat Research Labs casts some light on CloudFanta malware, which is currently being spread via spearphishing campaigns. CloudFanta malware was first identified in July 2016 and is known to have been used in upwards of 26,000 credential-stealing attacks. The purpose of the malware is to steal email credentials and monitor online banking activities. Once email credentials have been obtained, messages...

Read More
New Locky Ransomware Variant Detected in Three Major Campaigns
Oct27

New Locky Ransomware Variant Detected in Three Major Campaigns

Locky ransomware continues to spread at an alarming pace, in part due to the number of different Locky ransomware variants that have now been released. New variants are now appearing on a weekly basis, with the malicious file-encrypting malware constantly being tweaked to avoid detection and keep security researchers guessing. Some of the latest variants of the ransomware have used the .sh*t extension rather than the more familiar...

Read More
Critical Joomla Vulnerabilities Addressed in New Security Release
Oct27

Critical Joomla Vulnerabilities Addressed in New Security Release

Two critical Joomla vulnerabilities and a two-factor authentication bug have been addressed this week. A new version of Joomla 3.x was released on Tuesday, Joomla! 3.6.4, and users are being encouraged to upgrade at the earliest opportunity to keep their websites secure. If exploited, the vulnerabilities could allow attackers to take full control of a Joomla site. The critical Joomla vulnerabilities can be exploited by...

Read More
Emergency Flash Player Update Issued to Address Critical Flaw
Oct27

Emergency Flash Player Update Issued to Address Critical Flaw

An emergency Flash Player update has been issued by Adobe to plug a critical vulnerability that is currently being exploited in the wild. The flaw, which is being tracked as CVE-2016-7855, is a use-after-free error that could be used for arbitrary code execution and could allow attackers to take full control of an affected system. The update has been released for Windows, Macintosh, Linux, and Chrome OS, although...

Read More
Cisco Email Security Appliance Flaws Patched
Oct26

Cisco Email Security Appliance Flaws Patched

On Wednesday this week, updated software was released to address nine Cisco email security appliance flaws. Cisco has not uncovered any evidence to suggest that any of the recently addressed flaws have actually been exploited in the wild, although users of its email security appliances have been advised to update to the latest version of its software at the earliest opportunity. The latest update resolves three Denial-of-Service flaws...

Read More
Warning Issued on Fake Microsoft Security Essentials Installer
Oct25

Warning Issued on Fake Microsoft Security Essentials Installer

A fake Microsoft Security Essentials installer is being used by scammers to fool users into calling a bogus tech support team. The fake Microsoft Security Essentials installer generates what appears to be Microsoft’s infamous “blue screen of death.” The mouse arrow is disabled and users are prevented from opening up task manager. To fix the problem they are told they must call a tech support line. Calling the support line will require...

Read More
Dirty Cow Linux Kernel Security Flaw Being Actively Exploited
Oct21

Dirty Cow Linux Kernel Security Flaw Being Actively Exploited

The Dirty Cow Linux kernel security flaw (CVE-2016-5195), disclosed by Linux vendor Red Hat, is being actively exploited in the wild. The disclosure has prompted Red Hat to issue a stern warning to Linux administrators to patch the flaw immediately. Failure to do so could see the vulnerability exploited. Unfortunately, should the Dirty Cow Linux kernel security flaw be exploited, it may be hard to detect...

Read More
Critical VeraCrypt Flaws Patched: Users Urged to Upgrade
Oct21

Critical VeraCrypt Flaws Patched: Users Urged to Upgrade

Critical VeraCrypt flaws that were recently uncovered by cybersecurity firm QuarksLab have now been patched in version 1.19 of the popular full-disk encryption software. Users are being urged to upgrade to the latest version of the software as soon as possible now that details of the vulnerabilities have been disclosed publicly. VeraCrypt is the successor to TrueCrypt, which was a popular open source free file encryption program used...

Read More
New Tool Allows Windows Users to Protect Against Master Boot Record Attacks
Oct21

New Tool Allows Windows Users to Protect Against Master Boot Record Attacks

Researchers from Cisco’s Talos team have released a new tool that can protect against master boot record attacks on Windows computers that are not protected by the Secure Boot feature Microsoft introduced in Windows 8. The tool can be used to prevent malware and certain forms of ransomware from making changes to the master boot record. The master boot record contains executable code that is run prior to the computer’s...

Read More
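The Talos item above turns on what the master boot record actually holds: 446 bytes of boot code that runs before the operating system, a 64-byte partition table, and the 0x55AA signature. The Talos tool blocks writes to it; the script below is an added example of the complementary detection step, not the Talos tool and not code from the article. It parses a 512-byte MBR image, hashes the boot code, decodes the partition entries, and compares a saved baseline against a fresh read so that a bootkit or MBR-overwriting ransomware shows up as a boot code change. The sample image is constructed, not dumped from a real disk; reading the real sector on Windows (`\\.\PhysicalDrive0`, administrator rights required) is shown only as a comment.

```python
"""Parse a 512-byte MBR and detect changes against a saved baseline (added example)."""
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446   # boot code occupies bytes 0..445
PARTITION_ENTRY_SIZE = 16      # four entries, 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR


def parse_mbr(sector):
    """Return the boot code hash and the populated partition table entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    boot_code = sector[:PARTITION_TABLE_OFFSET]
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4), little-endian
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + PARTITION_ENTRY_SIZE])
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
            "partitions": partitions}


def mbr_differences(baseline_sector, current_sector):
    """Name what changed between two MBR images.

    A boot code change is what MBR-overwriting ransomware and bootkits produce
    and should page someone; a partition table change is more often disk
    management, so the two are reported separately rather than as one hash.
    """
    before, after = parse_mbr(baseline_sector), parse_mbr(current_sector)
    diffs = []
    if before["boot_code_sha256"] != after["boot_code_sha256"]:
        diffs.append("boot code")
    if before["partitions"] != after["partitions"]:
        diffs.append("partition table")
    return diffs


def build_sample_mbr(boot_code_prefix=b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"):
    """Constructed MBR image: a few plausible boot code bytes padded with zeros,
    one bootable NTFS (0x07) partition starting at LBA 2048. Not from a real disk."""
    boot_code = boot_code_prefix.ljust(PARTITION_TABLE_OFFSET, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (3 * PARTITION_ENTRY_SIZE)
    return boot_code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    # On a live Windows host the baseline and current images would come from
    # open(r"\\.\PhysicalDrive0", "rb").read(512), run with administrator rights.
    baseline = build_sample_mbr()
    tampered = build_sample_mbr(boot_code_prefix=b"\xeb\xfe")  # different first instruction
    print(parse_mbr(baseline)["partitions"])
    print("changed:", mbr_differences(baseline, tampered))
```

Store the baseline hash somewhere the machine cannot silently rewrite (a management server, not the same disk), and re-read the sector at boot and on a schedule. Detection after the fact does not stop the overwrite, which is why a write filter like the Talos tool and Secure Boot where the hardware supports it remain the primary controls.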
Confidence in Data Breach Preparedness Found to be Lacking
Oct13

Confidence in Data Breach Preparedness Found to be Lacking

According to a recent study conducted by the Ponemon Institute, the vast majority of companies now have a data breach response plan in place, yet most of the IT professionals surveyed lacked confidence in their company’s data breach preparedness plans. Only 42% of respondents to the Experian-sponsored survey said their breach response plans were effective or very effective. 31% lacked confidence in their company’s ability to deal with...

Read More
Warning Issued About Hurricane Matthew Phishing Scams
Oct12

Warning Issued About Hurricane Matthew Phishing Scams

US-CERT has issued a warning about a spate of Hurricane Matthew phishing scams as cybercriminals attempt to defraud users and infect computers by taking advantage of interest in the hurricane. Following any natural disaster or major news event, scammers launch new campaigns to obtain sensitive information that can be used for identity theft and fraud. Cybercriminals also seize the opportunity to spread malware and ransomware. This...

Read More