According to a Microsoft security researcher, a massive malware attack attempted to install a cryptocurrency mining software on more than 400,000 computers in less than twelve hours. The failed campaign is noteworthy because of the attack vector used. It was a supply chain attack implemented by compromising Bittorrent, a highly popular program used to share and download files. Until recently, security professionals discounted the very possibility of supply chain attacks, regarding them as … Read more
Attacks on Health Organizations Increasing At Alarming Rate
It used to be the case that credit card companies and retail outlets were the primary targets of hackers around the world. Make no mistake, they still get attacked with regularity, but the hackers have found a new and even more lucrative target: Health Organizations. According to a new report jointly produced by the Ponemon Institute and Merlin International, the medical/healthcare industry suffered nearly a quarter (23 percent) of all the data breaches that occurred in 2017. It gets … Read more
Beware Fake Craigslist Email Could Contain Ransomware
If you post ads on Craigslist for short term employment, be aware that there's a new malspam campaign that aims to distribute Sigma ransomware on the computers of unwary users. By all outward appearances, the emails seem to come from Craigslist in response to ads posted in Craigslist's "Gigs" section for short term employment. The emails will generally express interest in whatever job the user has posted and include a protected Word or RTF document which recipients will assume are … Read more
IRS Labeled Email Could Contain Ransomware
There's a new strain of the "Rapid Ransomware" making the rounds, and because of how it's being transmitted, it's destined to have a higher than average rate of infection. The new strain was first discovered by Derek Knight. It is disturbing because it claims to come from the IRS, and will feature subject lines like "IRS Urgent Message-164." The body of the email then goes on to say that the recipient owes some amount of money in real estate taxes, and "helpfully" includes instructions for … Read more
Blizzard Games Vulnerability Could Leave Gamers Open To Hacking
Do you play Blizzard online computer games such as World of Warcraft, Diablo III, Hearthstone, Starcraft II, or Overwatch? If so, there's a potential problem you need to be aware of. Tavis Ormandy, a researcher on Google's Project Zero team, recently discovered that the Blizzard Update Agent is vulnerable to hacking, via a technique known as "DNS Rebinding." The update agent is designed to accept commands to install, uninstall, change settings, update and perform other maintenance … Read more
2 Million Credit Cards Stolen From Popular Sandwich Shop
By now, we've seen enough large-scale Point of Sale (POS) credit card thefts that patterns are beginning to emerge. Some companies follow the general arc of the narrative better than others and deserve credit for doing so, but in the end, the story is about the same. That's certainly the case with Jason's Deli. Recently, they discovered RAM-scraping malware on a number of their POS terminals. This has happened at a total of 164 of their locations, scattered across 14 states. During the … Read more
Mac Computers Battling New Malware For Hijacking DNS
It's official, the first macOS malware of 2018 is here. Discovered by an independent security researcher and dubbed "OSX/MaMi," the code is functionally similar to DNSChanger malware. The researcher posted his findings on the Malwarebytes forum and none other than Patrick Wardle (an ex-NSA hacker) analyzed it, having this to say: "OSX/MaMi isn't particularly advanced - but does alter infected systems in rather nasty and persistent ways. By installing a new root certificate and hijacking … Read more
Use Of Bots Has Increased Fake Account Creations
The ThreatMetrix Cybercrime Report 2017 is out, and is a troubling read for anyone who has anything to do with data security. As a fraud prevention company protecting nearly a billion and a half users around the world, they're uniquely positioned to know, and their insights on the threat landscape is invaluable. Their main finding is that hackers, scammers and fraudsters are moving away from using stolen debit and credit cards, given that these things have such a short shelf life. On the … Read more
Intel Chips Face Another Possible Vulnerability
Intel's year isn't getting off to a very good start. Just after the discovery of a pair of critical vulnerabilities that have been in their chipsets for more than a decade comes the discovery of yet another serious flaw that could impact millions of laptops around the world. A Finnish data security firm called "F-Secure" just reported an issue with Intel's Active Management Technology (AMT) that could allow a hacker to completely bypass the machine's normal login procedure and take control … Read more
Inappropriate Ads Found In Some Game Apps for Kids
Normally, Google's robust series of checks and audits are pretty good at catching malicious code and preventing it from making its way to the Play Store. Sometimes, however, something slips through anyway despite the company's best efforts. This latest one is particularly bad. Researchers from Check Point have identified a new strain of malware called "AdultSwine" lurking in more than sixty gaming apps on the Play Store. Each of these apps has been downloaded between 3 million and 7 million … Read more
