• Ryuk Ransomware: A brief look into the ransomware’s origin and its high-profile attacks
    The group operating Ryuk ransomware has earned over 705.80 BTC across 52 transactions, for a total current value of $3,701,893.98 USD. Code similarities between Ryuk and Hermes indicate that Ryuk was derived from the Hermes source code.
  • Mimikatz: An offensive tool that is widely used by cybercriminals
    Mimikatz is an offensive tool that is widely used by cybercriminals. It provides a wide range of functions, enabling both organized criminals and state-sponsored groups to obtain credentials from memory on Windows systems. The tool was written by Benjamin Delpy and has been publicly available since 2011; it is a post-exploitation credential-dumping tool rather than an exploit in itself.
  • Fallout Exploit Kit: A deep dive into the exploit kit’s campaigns distributing various malware strains
    Fallout exploit kit was first spotted in a malvertising campaign affecting users in Japan, Korea, the Middle East, Southern Europe and other regions. The exploit kit was later seen distributing GandCrab, SAVEfiles, Kraken Cryptor and GlobeImposter ransomware, the DanaBot trojan, Nocturnal malware, AZORult variants, Vidar malware and other payloads.
  • Deep dive into the 10-year old Conficker worm that continues to pose a threat worldwide
    The worm remains a potent threat for organizations, especially those in the manufacturing, healthcare and government sectors. The worm propagates via removable devices and network drives, and by exploiting CVE-2008-4250, the Windows Server service vulnerability patched by MS08-067.
  • Magecart Threat Group: A brief look into Magecart’s subgroups and high-profile attacks
    At least seven subgroups of the card-skimming threat group have been identified, attacking thousands of victims over the past four years. The threat group was responsible for attacks against British Airways, Ticketmaster, the National Republican Senatorial Committee, Cancer Research UK, Feedify, Oxo, Groopdealz, Everlast and Newegg.
  • Dharma Ransomware: A deep dive into the ransomware’s new variants and massive attacks
    Dharma ransomware made its first appearance in November 2016, after the master decryption keys for the Crysis ransomware were released to the public. Dharma ransomware primarily targets healthcare providers in the United States.
  • Shamoon Malware: A brief understanding of the data-wiping malware’s attacks
    Shamoon is destructive malware designed to wipe infected systems by overwriting files with garbage data. The data-wiping malware targets organizations in the United Arab Emirates, Saudi Arabia and Europe.
  • Millions of dollars stolen in scam by taxi drivers in Toronto, Police arrests six
    Since 2018, the Greater Toronto Area has faced a major taxi fare fraud problem involving drivers defrauding customers. The criminal drivers rely on customized point-of-sale (POS) machines to steal customers' payment card information and later drain their accounts.
  • Arrested Portuguese hacker is Football Leaks 'whistleblower' - lawyers
    LISBON (Reuters) - A Portuguese man arrested in Hungary on suspicion of extortion and secrecy violations hacked football bodies' documents - which later appeared on the Football Leaks website - because he was "outraged" by criminality in the sport, his lawyers said. The man, named by his lawyers as 30-year-old Rui Pinto, was detained in Hungary on Wednesday on a European arrest warrant filed by Portuguese police who want to extradite him. Asked by Reuters if the arrested man was Rui Pinto, Carlos Cabreiro, the Portuguese police's head of cyber crime, said he could not comment. Pinto, his lawyers said, became an "important European whistleblower for Football Leaks" and his revelations have "enabled numerous European judicial authorities to gain knowledge of criminal practices in the world of football". According to Pinto's lawyers, Doyen Sports, a Malta-based investment company providing funds to football clubs, filed a criminal complaint against Pinto in Portugal in 2015. The spokesperson said the case had been on hold until emails from Portugal's biggest football team, Benfica, were leaked in 2017, prompting Portuguese police to act.
  • Popular WordPress plugin hacked by angry former employee
    A very popular WordPress plugin was hacked over the weekend after an attacker defaced its website and sent a mass message to all its customers claiming the existence of unpatched security holes. According to its website, WPML has over 600,000 paying customers and is one of the very few WordPress plugins reputable enough that it does not need to advertise itself with a free version on the official WordPress.org plugins repository. The attacker, whom the WPML team says is a former employee, sent a mass email to all the plugin's customers. Both on Twitter [1, 2] and in a follow-up mass email, the WPML team said the former employee had left a backdoor on its official website and used it to gain access to its server and its customer database. WPML says the attacker used the email addresses and customer names taken from the website's database to send the mass email, and also used the backdoor to deface the website, leaving the email's text as a blog post on the site. The WPML team also said the attacker did not gain access to the source code of its official plugin and did not push a malicious version to customers' sites.
  • BlackRock exposes confidential data on thousands of advisers on iShares site
    Sat, Jan 19, 2019 - 10:18 AM [NEW YORK] BlackRock, the world's largest asset manager, inadvertently posted confidential information about thousands of financial adviser clients on its website. The documents included names and email addresses of financial advisers who buy BlackRock's exchange traded funds (ETFs) on behalf of customers. In another document, the advisers were categorised in a variety of ways, such as "dabblers" or "power users", and a column noted their "Club Level", including the "Patriots Club" or "Directors Club". "We are conducting a full review of the matter," spokesman Brian Beades said in a statement Friday. "The inadvertent and temporary posting of the information relates to two distribution partners serving independent advisers and does not include any of their underlying client information." BlackRock, which oversees assets of almost US$6 trillion, is the world's largest issuer of ETFs.
  • Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open
    A critical and unpatched vulnerability in the widely deployed Cisco Small Business Switch software leaves the door open to remote, unauthenticated attackers gaining full administrative control over the device, and therefore the network. The flaw lies in a default privileged user account that ships with the software. An administrator may disable this default account by configuring other user accounts with access privilege set to level 15. However, if all user-configured privilege level 15 accounts are later removed from the device configuration, the device re-enables the default privileged user account without notifying administrators. The flaw "could allow an unauthenticated, remote attacker to bypass the user-authentication mechanism of an affected device." Since the switches are used to manage a LAN, a successful exploit means that a remote attacker would gain access to network security functions such as firewalls, as well as the management interface for administering voice, data and wireless connectivity for network devices.
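    The workaround described above depends on a condition that is easy to break silently: the moment the last user-configured level-15 account is deleted, the default account comes back. The following is an added example, not code from the article or from Cisco, of a configuration audit that flags that condition. It assumes an IOS-style line format ("username NAME privilege N ...", with privilege 1 as the default when the keyword is absent) and uses two constructed sample configurations; it checks only whether the documented re-enable condition holds, not whether a device is patched.

```python
"""Audit Cisco-style running-configs for user-configured privilege-15 accounts.

Added example (not from the article or from Cisco). Assumes the IOS-style
line format "username NAME privilege N ...". Sample configs are constructed.
"""
import re
from typing import Dict, List

# Matches "username NAME" with an optional "privilege N" clause anywhere
# after the name (e.g. "username ops privilege 15 secret 5 <hash>").
USERNAME_RE = re.compile(
    r"^\s*username\s+(?P<name>\S+)(?:\s+.*?\bprivilege\s+(?P<level>\d+))?",
    re.IGNORECASE,
)

def level15_accounts(config: str) -> List[str]:
    """Return the names of user-configured accounts at privilege level 15."""
    found = []
    for line in config.splitlines():
        m = USERNAME_RE.match(line)
        if not m:
            continue
        # Assumption: a username line without "privilege" defaults to level 1.
        level = int(m.group("level")) if m.group("level") else 1
        if level == 15:
            found.append(m.group("name"))
    return found

def default_account_reenabled(config: str) -> bool:
    """True when no user-configured level-15 account remains, which is the
    condition under which the default privileged account is re-enabled."""
    return not level15_accounts(config)

def audit(configs: Dict[str, str]) -> Dict[str, bool]:
    """Map each hostname to True if it is exposed to the default account."""
    return {host: default_account_reenabled(cfg) for host, cfg in configs.items()}

# Constructed sample configs (hashes replaced with a placeholder).
SAFE_CONFIG = """\
hostname sw-branch-1
username netops privilege 15 secret 5 HASH
username helpdesk privilege 1 secret 5 HASH
"""

# Same device after someone removed the netops account: only a level-1
# user remains, so the default privileged account is silently back.
RISKY_CONFIG = """\
hostname sw-branch-2
username helpdesk secret 5 HASH
"""

if __name__ == "__main__":
    for host, exposed in audit({"sw-branch-1": SAFE_CONFIG,
                                "sw-branch-2": RISKY_CONFIG}).items():
        status = "EXPOSED: no level-15 user, default account re-enabled" if exposed \
                 else "ok: level-15 user(s) present"
        print(f"{host}: {status}")
```

Run it against exported running-configs from a config backup tool; a device that turns up as exposed needs a level-15 account re-created immediately, and the real fix remains the vendor patch.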
  • Cyberattack forces Health Sciences North to place systems on downtime at 24 hospitals
    A cyberattack on Health Sciences North in Sudbury, Ontario, yesterday has reportedly disrupted multiple systems at 24 of the Canadian health provider's hospital facilities in the northeastern part of the province. Dominic Giroux, CEO of Health Sciences North, said the virus that caused the incident "is not captured by the current anti-virus tools that are available on the market," CBC News reported. "As a safety measure, we put all our systems on downtime to avoid any contamination of the systems at HSN." The infection reportedly began in HSN's cancer program system, but the downtime is also affecting electronic medical records, medical imaging systems, and email and office productivity software. Giroux said there was no data breach and the data was not corrupted by the malware.
  • Accused 'Methbot' ringleader, Aleksandr Zhukov, extradited to U.S.
    Written by Jeff Stone, Jan 18, 2019 | CYBERSCOOP. The accused ringleader of "Methbot," an alleged digital ad fraud scheme, pleaded not guilty on Friday to charges related to defrauding companies out of millions of dollars. Aleksandr Zhukov, a 38-year-old Russian national, appeared in a Brooklyn courtroom Friday to deny charges that he was involved in an advertising fraud scheme from September 2014 through December 2016. Judge Mann also granted an order of excludable delay, giving Zhukov's attorney, Igor Litvak, more time to negotiate a plea deal with prosecutors. Zhukov is the lead defendant in the Methbot case, in which he and four other men are accused of renting more than 1,900 computer servers to simulate humans viewing ads on fabricated web pages. The group developed relationships with ad networks, which paid the Methbot group roughly $7 million in the fraud scheme, prosecutors said in a November indictment. Zhukov worked as the CEO of that group, described in the indictment as "Ad Network #1," and directed roughly $5.4 million from one account into a corporate account located in New Zealand, prosecutors said.
  • Senate Aging Committee Hearing on Combating Elder Fraud
    Older adults lose an estimated $2.9 billion each year to financial scams, according to a Senate committee report released this week. Law enforcement struggles to fight these scams because it is "like playing a game of whack-a-mole," said Sen. Susan Collins (R-Maine), who chairs the Special Committee on Aging, before a Wednesday hearing on fighting elder fraud. "Many scams are perpetrated by criminals operating from foreign call centers, beyond the reach of state and local law enforcement and thousands of miles from the seniors whom they victimize," she said. As part of the hearing, the committee released its 2019 report on the top 10 scams targeting seniors in 2018. The most prevalent scam, out of more than 1,500 complaints to the panel's hotline, involved Internal Revenue Service (IRS) impersonators who conned people into handing over tens of millions of dollars.
  • WiFi firmware bug affects laptops, smartphones, routers, gaming devices
    Details have been published today about a vulnerability affecting the firmware of a popular WiFi chipset deployed in a wide range of devices, such as laptops, smartphones, gaming consoles, routers and Internet of Things (IoT) devices. Discovered by Embedi researcher Denis Selianin, the vulnerability affects ThreadX, a real-time operating system (RTOS) used as firmware in billions of devices. In a report published today, Selianin described how an attacker could exploit the ThreadX firmware installed on a Marvell Avastar 88W8897 wireless chipset to execute malicious code without any user interaction. The researcher chose this WiFi SoC (system-on-a-chip) because it is one of the most popular WiFi chipsets on the market, shipping in devices such as the Sony PlayStation 4, Xbox One, Microsoft Surface laptops, Samsung Chromebooks, Samsung Galaxy J1 smartphones and Valve Steam Link devices, to name a few. All an attacker has to do is send malformed WiFi packets to a device with a Marvell Avastar WiFi chipset and wait for the vulnerable firmware routine to run, at which point the malicious code executes and the attacker can take over the device.
  • Health-care sector is far too vulnerable to cybersecurity threats
    There is a serious challenge that hospitals and health-care organizations have not yet managed to overcome: keeping patients' personal data out of the hands of hackers. Cyber incidents can affect patient safety by interrupting care operations, compromising the integrity of data and damaging medical devices. So, what can health-care organizations do to protect the safety of their patients from cyber threats? When it comes to investing in technology, many health-care organizations choose to fund information technology (IT) infrastructure rather than cyber security. Organizations must provide rigorous, ongoing training that helps employees understand how to create a more secure environment for their patients. If health-care organizations do not shore up cybersecurity, the next cyber incidents could directly compromise the safety of patients, and by then it will be too late to intervene.
  • France to invest more money and staff in cyber defense: minister
    Source: Xinhua | 2019-01-18. PARIS, Jan. 18 (Xinhua) -- France plans to pour more money and human resources into military cyber capabilities to better defend against cyber attacks from foreign countries, Defense Minister Florence Parly announced on Friday. Presenting the country's strategy of military cyber defense, Parly warned "France is plagued by enough threats ... (and) the cyber war has begun and France must be ready to fight." "We must prepare our armies for this new war, ensuring that they have offensive computer control capabilities. In case of cyber attack, we have the right to retaliate, in the respect of the right," she said. In a bid to translate pledges into deeds, the minister decided "to increase the resources and consolidate the structure", mainly by investing 1.6 billion euros (1.82 billion U.S. dollars) to bolster domestic cyber defense and hiring an additional 1,000 "cyber-fighters" by 2025.