Ransomware continues to dominate the cyber threat community, with attackers wanting fast cash. Lately, security experts have come across a new ransomware that demands a $50 Amazon gift card instead of cryptocurrency as ransom. Dubbed as ‘ Unnam3d R@nsomware’, the ransomware moves victims’ files into password-protected RAR archives before displaying the ransom note. Apart from this, a new threat in VISA (Visualization of Internal Signals Architecture) debugging feature has been discovered in Intel chipsets. Researchers claim that the attackers can abuse the feature to intercept data from the computer memory and create spyware that works at the lowest possible level. There has also been a rise in robocall scams. In a major update, the Federal Bureau of Investigation (FBI) reported that the US citizens have lost over $40 million to Chinese Embassy robocall scams last year. The average loss per victim is estimated to be over $164,000. The scam works by scammers impersonating Chinese government officials and informing the victims that they have an important package to be picked up from the consulate.
Top Breaches Reported in the Last 24 Hours
US government's top secrets exposed
Harold T.Martin III has been found guilty
for taking classified documents of N.S.A.’s Tailored Access Operations hacking unit to home. Touted to be one of the biggest breaches, the FBI agents had stacked the documents and electronic storage devices in his car, his home and even in a garden shed. Investigators found that Martin has not shared the stolen secrets with anyone. However, they were astonished to find that Martin had been carrying these classified materials from the National Security Agency (NSA) and other security agencies for the past 20 years. Martin is likely to draw a nine-year prison sentence for this act.
Top Malware Reported in the Last 24 Hours
New ransomware named UNNAM3D R@NSOMWARE
has been found demanding victims a $50 Amazon gift card code instead of cryptocurrency, as ransom. The ransomware is distributed via email. Once installed, the ransomware moves the victims' files into password-protected RAR archives and demands the ransom.
Soula Watering Hole attack
Four South Korean websites have been found
Malicious Christchurch shooter manifesto
A modified version
of the Christchurch shooter manifesto that is used to deliver malware on to victims' machines has been discovered recently. The downloaded executable is called Haka.exe. It can overwrite the master boot record in Windows systems.
Trickbot trojan's latest attack
Researchers have found a new phishing campaign that distributes the infamous Trickbot
trojan. The malware arrives in the form of malicious VBScript embedded within a Word document. The VBScript is encrypted using the base64 algorithm. Once executed, the trojan creates a duplicate of itself and disables Windows Defender.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerable Intel's VISA
Researchers have discovered that the unknown
and undocumented Intel Visualization of Internet Signals Architecture (VISA) debugging feature could be abused to manipulate the data passing through the CPU. This can be done by exploiting vulnerabilities detailed in Intel’s Intel-SA-00086 security advisory.
Magento releases security updates
Magento has released
a series of security updates to fix a wide range of vulnerabilities that includes Cross-Site Request Forgery, Cross-Site Scripting, SQL Injection, and Remote Code Execution. The issues affect sites using both the Open Source and Commercial version of the software. Versions prior to 2.1.17, 2.2.8, and 2.3.1 are affected by the vulnerabilities.
20 flaws fixed in Cryptocurrency platforms
Seven cryptocurrency platforms have fixed
20 vulnerabilities in the last 2 weeks. The affected platforms are Omise, Monero, Stellar, Crypto.com, ICON, Robinhood, and
Augur. Among them, Omise had reported a total of eight security flaws.
Top Scams Reported in the Last 24 Hours
Robocall scams are on a rise
Chinese Embassy robocall scams
have cost the US citizens over $40 million last year. The Federal Bureau of Investigation revealed that around 35% of the victims are from California and New York. The scam works by impersonating the Chinese government. People who pick up these calls are told in Mandarin to pick up an important package from the consulate.
Office Depot tricked consumers
Office Depot and software firm Support[.]com has
been found guilty for tricking its consumers into buying redundant computer repair services. Following this, the firm has been asked to pay an amount of $35 million as a settlement. The companies used PC Health Check, a software program, as a sales tool to convince consumers to purchase tech repair services.
Posted on: March 29, 2019