Brinker International (the parent company of the Chili's restaurant chain) formally announced that on May 11, they discovered malware on an undisclosed number of their point of sales terminals. Details are sketchy at this point, because the investigation is still ongoing, but the company had the following to say about the incident: "If you used your payment card at a Chili's restaurant between March and April 2018, it does not mean you were affected by this incident. However, out of an … Read more
Vega Stealer Malware Goes After Your Saved Credentials
There's a new security threat to be worried about, and security professionals are warning that it could be very bad indeed. The new malware is known as the "Vega Stealer," and is currently being used in a relatively simplistic phishing campaign designed to harvest financial data that has been saved in both Google Chrome and Firefox browsers. Unfortunately, based on an analysis of the code, it could be a much more serious threat. Vega Stealer isn't 100 percent original work, but rather, is a … Read more
Your Kids’ Personal Info May Have Been Compromised
An identity threat company called 4iQ has recently published a report called "Identities in the Wild: The Tsunami of Breached Identities Continues." Unfortunately, the information in the report contains all bad news. Some of the details are simply confirmations of things we already knew, and some are shocking statistics that will leave you feeling dismayed. For instance: Cybercriminals and hackers are getting increasingly sophisticated - This isn't new, but it's even worse than that. … Read more
Healthcare Sector Facing Rise In Ransomware Attacks
The Department of Health and Human services has issued a warning to healthcare providers to be on high alert for the SamSam strain of ransomware, which has been used to attack eight different health care entities so far this year. SamSam made its first appearance in 2016 and is seeing increasingly widespread use so far this year. Unfortunately, the healthcare industry is considered by most to be a soft target. On the Dark Web, healthcare data has become more highly sought after than credit … Read more
Hackers Can Use PDF Files To Access Windows Credentials
Security researcher Assaf Baharav from Check Point Security has discovered a new twist on an old, fairly well-known attack. He was able to essentially "weaponize" PDFs to steal Windows credentials stored in NTLM hashes. Unfortunately, no action other than simply opening the PDF is required for the hacker to gain access to the information. Baharav used the same methodology that hackers have used in the past, which amounts to instantiating SMB requests from inside the document. Hackers have … Read more
WiFi Sync on iOS Vulnerable To TrustJacking
Owners of Apple devices have a new attack vector to worry about, called "TrustJacking." Symantec researchers recently stumbled across a pair of scenarios that take advantage of Wi-Fi syncing of various Apple devices. These are scenarios that also take advantage of the trust users have in the security of their own devices, allowing hackers to take complete control over those devices. The flaw is a consequence of the way that iTunes Wi-Fi Sync is designed. The vulnerability manifests when a … Read more
New Malware Takes Screenshots and Steals Your Passwords
Recently, a new strain of malware called "SquirtDanger" has been found by researchers at Palo Alto Networks Unit 42, and it's a particularly nasty one for a couple of reasons. First and foremost, the owner of the malware isn't orchestrating campaigns himself, but rather, selling his product as a commodity on the Dark Web. That has troubling implications because the malware is quite advanced, and since it's being sold to a broad cross-section of hackers, odds are excellent that it will be … Read more
Bank Employee Steals Info On Over A Million Customers
Atlanta-based SunTrust Bank is the 12th largest bank in the US. They have a major problem, and so do roughly a million and a half of its customers. According to CEO William Rogers, an unidentified employee of the firm printed a vast amount of private customer information, including their names, addresses, phone numbers and account balance information. Rogers stressed that social security numbers, account numbers, driver's license numbers, user IDs, and passwords were not exposed. In a … Read more
Researchers Find Major Vulnerabilities In Banking Apps
Do you do your banking online? If so, there's bad news in the form of a report recently released by the security firm "Positive Technologies." The company tested a variety of websites using a proprietary tool they developed in-house, which scans websites for security flaws. While flaws were found across a wide range of industries, literally every banking site Positive Technologies tested was found to have serious security flaws. The particulars varied from one bank to the next, but the … Read more
Major Server Ring Distributing Malware Taken Down
Score one for the good guys. A researcher from BrilliantIT was recently able to figure out how infected computers would connect to EITest's command and control server, and using that information, was able to bring down their entire network. If you haven't heard of EITest before, the true significance of that statement might not be registering. EITest first appeared in 2011. In its original incarnation, it was little more than an annoyance. It was a collection of compromised servers used … Read more
