It used to be the case that credit card companies and retail outlets were the primary targets of hackers around the world. Make no mistake, they still get attacked with regularity, but the hackers have found a new and even more lucrative target: Health Organizations. According to a new report jointly produced by the Ponemon Institute and Merlin International, the medical/healthcare industry suffered nearly a quarter (23 percent) of all the data breaches that occurred in 2017. It gets … Read more
Beware Fake Craigslist Email Could Contain Ransomware
If you post ads on Craigslist for short term employment, be aware that there's a new malspam campaign that aims to distribute Sigma ransomware on the computers of unwary users. By all outward appearances, the emails seem to come from Craigslist in response to ads posted in Craigslist's "Gigs" section for short term employment. The emails will generally express interest in whatever job the user has posted and include a protected Word or RTF document which recipients will assume are … Read more
New And Potentially More Dangerous Intel Vulnerability Discovered
The "Spectre" vulnerability that impacts literally every Intel chip made over the last decade keeps finding new ways to make the news. In this instance, researchers at Ohio State University have discovered a new variant of the vulnerability that they have dubbed "SGX Spectre." To understand how it's different, a bit of explanation is in order. SGX stands for "Software Guard eXtensions," and is a feature only found in the latest Intel processors. It allows applications to create "data … Read more
Another 2.4 Million Users Hacked In Equifax Breach
It looks like it's going to be another bad month for Equifax. The company just can't seem to get out of its own way. In 2017, the company announced a massive data breach that (it initially claimed) impacted some 140 million users. Several months after the official announcement, the company was forced to revise the number of impacted users upward, as the forensic investigation into the breach continued. Now, the company has announced a further upward revision of 2.4 million, bringing the … Read more
Google Calls Out Microsoft For Security Issue
Depending on who you ask, Google's Project Zero is either the thing that's going to singlehandedly save the internet, or the bane of many companies' existence. It's easy to see both sides of the argument. On one hand, by uncovering previously undiscovered bugs in all manner of software and handing that information over to the authors, Google is undeniably performing a valued public service. The problem has never been with the "carrot" side of the equation, always with the stick. The … Read more
Android Ransomware Infections Declined in 2017
Android users have a reason to cheer. According to the latest report by ESET, the number of ransomware attacks targeting Android devices declined in 2017. The decline represents a bit of an anomaly, given that in 2017, the most common type of malware attack (by a wide margin) was ransomware. Given that security researchers can't name a particular reason for the decline, it's important not to read too much into the data. Whether there are declining figures or not, ransomware attacks still … Read more
IRS Labeled Email Could Contain Ransomware
There's a new strain of the "Rapid Ransomware" making the rounds, and because of how it's being transmitted, it's destined to have a higher than average rate of infection. The new strain was first discovered by Derek Knight. It is disturbing because it claims to come from the IRS, and will feature subject lines like "IRS Urgent Message-164." The body of the email then goes on to say that the recipient owes some amount of money in real estate taxes, and "helpfully" includes instructions for … Read more
40 Percent Of All Login Attempts Are From Bots
Here's a statistic that is as disturbing as it is frustrating. According to the latest "State of the Internet/Security" report for the fourth quarter of 2017, as published by Akamai, bot-traffic accounts for a staggering 43 percent of all login attempts. As bad as that figure is on its face, it's far worse for companies in the hospitality industry, where the figure is an almost unbelievable 82 percent. The reason? Hackers are increasingly using bots to perform "credential stuffing" … Read more
Changes To Google Images Will Make Image Theft Difficult
Image theft is one of the biggest problems on the internet. If you're a photographer, you've almost certainly lost money because people find your work online and make a copy of it rather than paying for the right to use it. Unfortunately, Google has made that incredibly easy to do, but that's changing. Until recently, if you did a Google image search, you'd get a list of images that matched your search phrase, and one of the buttons displayed was a "View Image" button that would take you to … Read more
Blizzard Games Vulnerability Could Leave Gamers Open To Hacking
Do you play Blizzard online computer games such as World of Warcraft, Diablo III, Hearthstone, Starcraft II, or Overwatch? If so, there's a potential problem you need to be aware of. Tavis Ormandy, a researcher on Google's Project Zero team, recently discovered that the Blizzard Update Agent is vulnerable to hacking, via a technique known as "DNS Rebinding." The update agent is designed to accept commands to install, uninstall, change settings, update and perform other maintenance … Read more
