Ransomware has become the number one security risk to businesses and users. In situations where an organization does not have back up files, a decryption key is the only way to unscramble the encrypted files. Lately, security researchers have cracked the decryption key for MegaLocker or NamPoHyu Virus ransomware.
The MegaLocker ransomware was first detected in March 2019. It appends the encrypted files using .cryptd extension. However, in early April 2019, the ransomware switched its name to NamPoHyu Virus and started appending the .NamPoHyu extension to encrypted files.
The past 24 hours saw a major fake tech support scam that leveraged Google search results to push fake ads for customer contact numbers of popular sites such as Amazon, PayPal, and eBay. These ads look legitimate on mobile browsers. However, this is not the case in the desktop version of the Google search result page. The contact numbers on the desktop version were shown with parenthesis, pipes, and Unicode symbols, thus making it less convincing to users.
Top Breaches Reported in the Last 24 Hours
Porr company affected by cyberattack
A cyberattack on the communication infrastructure of Austrian construction company Porr has disrupted the firm’s telephone lines and email systems. The damage has been caused by an unidentified virus. Technicians are working to find a solution and estimate the potential damage. Porr has revealed that the company’s data is safe.
UNIFAST’s database breached
Hackers have breached a database of the Unified Student Assistance System for Tertiary Education (UNIFAST) to steal the personal information of 1,130,899 Tertiary Education Subsidy (TES) applicants. The database contained student identification numbers, full names, birth dates, parents’ names and addresses of applicants. The hack took place on March 16, 2019.
A major update on US Power grid attack
An update on the cyber attack that disrupted the electrical system operations in California, Utah and Wyoming has resurfaced recently. The cyber event that took down systems of an energy company on March 5, 2019, was due to a DDoS attack. The affected company provided power in several western U.S. states. The attackers leveraged a known software vulnerability to launch the attack.
Top Malware Reported in the Last 24 Hours
Decryptor for ‘NamPoHyu Virus’ ransomware
Emsisoft has released a decryptor tool for the MegaLocker or NamPoHyu Virus ransomware that has been targeting Samba servers. The MegaLocker ransomware made its first appearance in March 2019 and later in early April, its name was changed to NamPoHyu. The NamPoHyu virus appends the encrypted files with extension with the same name.
New Qakbot variant
Magecart’s card skimming attack expands
Top Vulnerabilities Reported in the Last 24 Hours
Orpak SiteOmat software vulnerable
Several vulnerabilities have been discovered in the Orpak Site Omat software. The bugs affect all the versions of SiteOmat prior to 6.4.414.084 and 6.4.414.122. One of the critical bugs, tracked as CVE-2017-14728, can allow an attacker to gain access to the system’s configuration, including payment information. The bug can also shut down the system altogether. Orpak recommends users of affected versions to update to the latest version v6.4.414.139.
Revive Adserver patches flaws
Revive Adserver has patched two vulnerabilities by releasing a new version - 4.2.0. Out of the two flaws, one has been marked critical with a CVSS score of 10. It is classified as deserialization of untrusted data vulnerability. The second vulnerability has a CVSS rating of 4.2.
Vulnerable D-Link DCS 2132L cloud camera
Multiple vulnerabilities have been discovered in D-Link DCS 2132L cloud camera. The flaws include unencrypted cloud communication, insufficient cloud message authentication, and unencrypted LAN communication. Some of these flaws have been mitigated, while patches for rest of the flaws are yet to be released.
Top Scams Reported in the Last 24 Hours
Fake customer support numbers
Google search result was displaying fake customer support numbers for popular sites such as Amazon, PayPal, and eBay. These ads look legitimate on smartphones. However, on the desktop version, they look different as the numbers are separated by parenthesis, pipes, and Unicode symbols. It is believed that scammers are using symbols to bypass Google’s automated ad quality screening tools. Google, on the other hand, has assured that it removed the ads as they violated the company’s policies. Users are urged to report such ad scams - appearing on Google search result - using Google’s ad flagging tool.