An identity threat company called 4iQ has recently published a report called "Identities in the Wild: The Tsunami of Breached Identities Continues." Unfortunately, the information in the report contains all bad news. Some of the details are simply confirmations of things we already knew, and some are shocking statistics that will leave you feeling dismayed. For instance: Cybercriminals and hackers are getting increasingly sophisticated - This isn't new, but it's even worse than that. … Read more
Hackers Can Use PDF Files To Access Windows Credentials
Security researcher Assaf Baharav from Check Point Security has discovered a new twist on an old, fairly well-known attack. He was able to essentially "weaponize" PDFs to steal Windows credentials stored in NTLM hashes. Unfortunately, no action other than simply opening the PDF is required for the hacker to gain access to the information. Baharav used the same methodology that hackers have used in the past, which amounts to instantiating SMB requests from inside the document. Hackers have … Read more
WiFi Sync on iOS Vulnerable To TrustJacking
Owners of Apple devices have a new attack vector to worry about, called "TrustJacking." Symantec researchers recently stumbled across a pair of scenarios that take advantage of Wi-Fi syncing of various Apple devices. These are scenarios that also take advantage of the trust users have in the security of their own devices, allowing hackers to take complete control over those devices. The flaw is a consequence of the way that iTunes Wi-Fi Sync is designed. The vulnerability manifests when a … Read more
Bank Employee Steals Info On Over A Million Customers
Atlanta-based SunTrust Bank is the 12th largest bank in the US. They have a major problem, and so do roughly a million and a half of its customers. According to CEO William Rogers, an unidentified employee of the firm printed a vast amount of private customer information, including their names, addresses, phone numbers and account balance information. Rogers stressed that social security numbers, account numbers, driver's license numbers, user IDs, and passwords were not exposed. In a … Read more
Researchers Find Major Vulnerabilities In Banking Apps
Do you do your banking online? If so, there's bad news in the form of a report recently released by the security firm "Positive Technologies." The company tested a variety of websites using a proprietary tool they developed in-house, which scans websites for security flaws. While flaws were found across a wide range of industries, literally every banking site Positive Technologies tested was found to have serious security flaws. The particulars varied from one bank to the next, but the … Read more
MyFitnessPal User Information Data Breach Affects 150 Million
Another week, another high-profile data breach. This time, it's Under Armour in the hot seat. Under Armour acquired the MyFitnessPal app back in February 2015, and the company recently announced that their new acquisition was hacked in late February 2018. So far, the company is taking all steps we've come to see as usual in these circumstances. They've notified their user base about the scope and scale of the attack, which impacted a hefty 150 million users. In conjunction with the … Read more
Attacks on Health Organizations Increasing At Alarming Rate
It used to be the case that credit card companies and retail outlets were the primary targets of hackers around the world. Make no mistake, they still get attacked with regularity, but the hackers have found a new and even more lucrative target: Health Organizations. According to a new report jointly produced by the Ponemon Institute and Merlin International, the medical/healthcare industry suffered nearly a quarter (23 percent) of all the data breaches that occurred in 2017. It gets … Read more
Beware Fake Craigslist Email Could Contain Ransomware
If you post ads on Craigslist for short term employment, be aware that there's a new malspam campaign that aims to distribute Sigma ransomware on the computers of unwary users. By all outward appearances, the emails seem to come from Craigslist in response to ads posted in Craigslist's "Gigs" section for short term employment. The emails will generally express interest in whatever job the user has posted and include a protected Word or RTF document which recipients will assume are … Read more
Another 2.4 Million Users Hacked In Equifax Breach
It looks like it's going to be another bad month for Equifax. The company just can't seem to get out of its own way. In 2017, the company announced a massive data breach that (it initially claimed) impacted some 140 million users. Several months after the official announcement, the company was forced to revise the number of impacted users upward, as the forensic investigation into the breach continued. Now, the company has announced a further upward revision of 2.4 million, bringing the … Read more
IRS Labeled Email Could Contain Ransomware
There's a new strain of the "Rapid Ransomware" making the rounds, and because of how it's being transmitted, it's destined to have a higher than average rate of infection. The new strain was first discovered by Derek Knight. It is disturbing because it claims to come from the IRS, and will feature subject lines like "IRS Urgent Message-164." The body of the email then goes on to say that the recipient owes some amount of money in real estate taxes, and "helpfully" includes instructions for … Read more
