Panera Bread company is the latest to find itself in hot water. Recently, security researcher Dylan Houlihan discovered that the company had failed to encrypt (or otherwise protect) a file containing usernames, email addresses, physical addresses, phone numbers and loyalty account numbers for a staggering thirty-seven million of its customers. The file was found stored as plain text, and accessible to anyone who bothered to go looking for it. The good news is that no one appears to have … Read more
Most “Wannacry” Hacks Were On Windows 7 Machines
Last year's Wannacry attack was bad, but in many ways, it was a self-inflicted wound. According to Webroot's recently published "Annual Threat Report," almost all of the machines that succumbed to the Wannacry attack were running Windows 7. That attack is estimated to have caused in excess of $4 billion in total losses. The central problem is that businesses have been much slower than individuals to make the shift from Windows 7 to the much more secure Windows 10. For example, in January … Read more
Hackers Zone In On Microsoft Products To Attack
Congratulations to Adobe Flash Player for not being the software most targeted by hackers. Security vendor "Recorded Future" has just published their annual list of the software hackers most commonly focus on when targeting computers and handheld devices for attack. For the last several years, Adobe's Flash Player has topped the list, but this year they have been dethroned. Microsoft now has the embarrassing honor. There are multiple Microsoft programs on this year's list, with some of them … Read more
Huge Spike in Malware With Mining Capabilities
There's a new type of hacking attack to be concerned with, and it's growing by leaps and bounds. Called "Crypto-Jacking," it's a process by which malicious code is placed on websites. When the sites are visited, the code secretly siphons off a portion of the affected user's PC, laptop, or smartphone's processing power and uses it to mine for various cryptocurrencies so that the hackers can profit from it. Kevin Haley, the Director of Symantec's Security Response Team, had this to say about … Read more
MyFitnessPal User Information Data Breach Affects 150 Million
Another week, another high-profile data breach. This time, it's Under Armour in the hot seat. Under Armour acquired the MyFitnessPal app back in February 2015, and the company recently announced that their new acquisition was hacked in late February 2018. So far, the company is taking all steps we've come to see as usual in these circumstances. They've notified their user base about the scope and scale of the attack, which impacted a hefty 150 million users. In conjunction with the … Read more
Remote Desktop Flaw Affects Every Windows Version
Researchers at Preempt Security recently discovered a critical flaw in Microsoft's Credential Security Support Provider protocol (CredSSP for short) that impacts every version of Windows in existence. It could allow a hacker to remotely exploit Windows Remote Desktop to execute malicious code and steal any data stored on the machine. The flaw, logged as CVE-2018-0886, would allow a hacker to execute a man-in-the-middle attack (provided that they had Wi-Fi or physical access to the machine) … Read more
Massive Malware Attack Stemmed From Bittorrent App
According to a Microsoft security researcher, a massive malware attack attempted to install cryptocurrency mining software on more than 400,000 computers in less than twelve hours. The failed campaign is noteworthy because of the attack vector used. It was a supply chain attack implemented by compromising Bittorrent, a highly popular program used to share and download files. Until recently, security professionals discounted the very possibility of supply chain attacks, regarding them as … Read more
Attacks on Health Organizations Increasing At Alarming Rate
It used to be the case that credit card companies and retail outlets were the primary targets of hackers around the world. Make no mistake, they still get attacked with regularity, but the hackers have found a new and even more lucrative target: Health Organizations. According to a new report jointly produced by the Ponemon Institute and Merlin International, the medical/healthcare industry suffered nearly a quarter (23 percent) of all the data breaches that occurred in 2017. It gets … Read more
Beware Fake Craigslist Email Could Contain Ransomware
If you post ads on Craigslist for short term employment, be aware that there's a new malspam campaign that aims to distribute Sigma ransomware on the computers of unwary users. By all outward appearances, the emails seem to come from Craigslist in response to ads posted in Craigslist's "Gigs" section for short term employment. The emails will generally express interest in whatever job the user has posted and include a protected Word or RTF document which recipients will assume are … Read more
Trustico CEO Leaks HTTPS Certificate Keys Through Email
The CEO of Trustico, a TLS certificate reseller based in the United Kingdom, finds himself at the center of a controversy that raises a number of disturbing questions about browser-trusted security certificates. The email in question was sent to Jeremy Rowley, an executive Vice President at DigiCert. The catalyst that prompted the fateful email was that officials at Trustico notified DigiCert that 50,000 certificates originally issued by Symantec and resold by Trustico had been compromised … Read more









