• Watch out! The Ryuk ransomware decryptor does not promise full recovery now
    The Ryuk ransomware decryptor fails to decrypt certain large files due to a special condition set in a new variant of the ransomware. The new variant does not encrypt large files, to prevent the attack from being detected, as the encryption process would otherwise take too long.
  • Cyberattack at Pensacola impacts city-wide government systems
    City officials became aware of the attack at about 1:30 am (6:30 GMT) Saturday. There hasn’t been any official statement about connections between the two types of attacks in the same city.
  • Banner Health reaches $6 million settlement to resolve lawsuits pertaining to 2016 data breach
    The incident occurred after threat actors used the payment processing system as a gateway to gain access to servers containing patient data. The stolen data included a trove of sensitive information belonging to 3.7 million patients.
  • Cybercriminals Use Green Padlock Icon to Trick Victims
    The green padlock icon has been associated with security for quite some time. Although Google has abandoned it for its Chrome browser, the icon continues to be considered an indicator of safety.
  • New Snatch Ransomware Variant Avoids Detection Using Safe Mode
    Researchers have spotted a new variant of the Snatch ransomware that avoids antivirus detection by rebooting machines to Safe Mode. This ransomware is believed to have been active since at least the summer of 2018, but the Safe Mode enhancement appears to be a recently added feature.
  • Do you know I know? BMW staff let the attackers move freely inside their network
    The group used both Windows and Mac malware in its campaigns, delivered to the victims via watering hole attacks. A group of experts believes that the group was after intellectual property for its government and to help state-owned companies.
  • Your NAS Devices are under Threat From Ransomware, Say Researchers
    The number of ransomware attacks has shot up, with such incidents being reported quite often, especially in sectors such as healthcare and government agencies. Now, security experts are saying that ransomware strains are targeting NAS and backup storage devices.
  • New Phishing Campaign Uses Self-Contained Webpage to Steal Credentials
    Researchers have spotted a new phishing campaign that steals credentials. However, this campaign is different from the commonly observed ones. The email used in this campaign was seen to contain the traditional payment notice phishing text.
  • Cyberattack costs Woodstock $667K
    "Those are the email addresses you would need to use to engage with the threat actors." Creery said the municipality had already backed up all the data that became encrypted and inaccessible, and decided early on not to engage with the hacker. "If we had reached out and paid ransom, we would have gotten the keys back to our network faster, we would have been able to get back our system quicker, but we would have been working with a system that can't be trusted," said Creery. City services that used third-party software – like transit, facility booking and recreation programming – continued to operate after the attack. "While people could use our transit system, the difficulty would be if one of our transit buses broke down and we had to bring it back to our shop to diagnose the problem," he said. "To diagnose you need an Internet connection, and we couldn't deploy Internet without [risk]." Creery said the attack was largely resolved within two months. "The cost is commensurate with the size of the network that we have and the complexity of the network," said Creery.
  • BAE Systems to Develop New Cyber Tools for DARPA to Improve Security of Electronic Data Formats
    BAE Systems has been awarded a contract by the U.S. Defense Advanced Research Projects Agency (DARPA) to develop new cyber tools designed to help prevent vulnerabilities in electronic files that can lead to cyberattacks. Development of these tools will be part of DARPA’s Safe Documents (SafeDocs) program, which aims to more effectively identify and reject malicious data in a variety of electronic formats. As part of the SafeDocs program, BAE Systems’ FAST Labs™ research and development team will create two different cyber tools. "Research on the SafeDocs program will leverage BAE Systems’ expertise in cyber, algorithmic, and systems engineering domains to give developers tools that currently don’t exist in government or commercial markets to more easily and efficiently ensure the security of electronic documents," said Anne Taylor, product line director of the Cyber Technology group at BAE Systems. The research for Phase 1 of the SafeDocs program, which is being developed with funding from DARPA, adds to BAE Systems’ cyber technology portfolio.
  • UK Government Issues Cybersecurity Warning to Charities
    A spokesperson for the Charity Commission said: "We have received several reports from charities who have been targeted by fraudsters impersonating members of staff, specifically attempting to change employees' bank details." The Charity Commission urged all of the nation's charities to be on the lookout for similar requests to their HR department, finance department or staff with the authority to update employee bank details. Charities are advised not to open any attachments or click on any links contained within unexpected or unusual emails and to take action to verify the validity of any emails requesting changes to an employee's details. "If in doubt, request clarification from an alternatively sourced email address or phone number," said a Charity Commission spokesperson. To help reduce the likelihood of becoming a target for fraudsters, the Charity Commission advised charities to think twice about how they handle sensitive information. "The more information they have about your charity and employees, the more convincingly they can appear to be one of your legitimate employees," said a Charity Commission spokesperson.
  • Blunt the Effect of the Two-Edged Sword of Vulnerability Disclosures
    Then, Mirai source code was released to open-source communities, spawning copycat versions that aimed brute-force attacks at hardware listening via Secure Shell (SSH). To increase the rate of compromise, these attacks exploited a variety of flaws in weakly secured Internet-of-things (IoT) devices. (Source: Ixia 2019 Security Report) Variant 2 was responsibly disclosed: the researcher warned the development team, giving them time to create and issue a patch before the exploit details became public. (Source: Ixia 2019 Security Report) Forewarned is forearmed, and a closed community of trusted peers can be the best way to gain time, reduce risk, and preempt the next wave of attacks.
  • Adobe Releases Their December 2019 Security Updates
    Adobe has released its monthly security updates that fix vulnerabilities in Acrobat, Reader, Photoshop CC, Brackets, and ColdFusion. With Adobe's December 2019 security updates, Adobe Acrobat and Reader get the lion's share of vulnerability fixes with 14 Critical code execution and 7 Important vulnerabilities. Below are the Adobe December 2019 security updates. APSB19-55 - Security update available for Adobe Acrobat and Reader: Adobe has released a security update for Adobe Acrobat and Reader that fixes 21 vulnerabilities, with many of them being labeled Critical. APSB19-56 - Security update available for Adobe Photoshop CC: A security update for Adobe Photoshop CC has been released that fixes two Critical memory corruption vulnerabilities that could lead to arbitrary code execution. APSB19-57 - Security update available for Brackets: A critical vulnerability in Adobe Brackets could allow attackers to perform command injection that leads to arbitrary code execution.
  • CyberGRX raises $40 million to disrupt the third-party cyber risk management market
    CyberGRX, provider of the world’s first and largest global cyber risk exchange, announced that it has raised $40 million in Series D funding led by ICONIQ Capital, which has also backed fast-growth companies such as Datadog, Gitlab, Procore and Snowflake. With this raise, CyberGRX will continue to disrupt industry inertia around third-party cyber risk management (TPCRM) by advancing its innovative and proven approach to reducing third-party cyber risk. “We are excited to partner with CyberGRX to actively support its continued growth and focus on product innovation,” said Pepper. “As third-party related breaches continue to increase and as enterprises are exposed to an increasing number of third-party cyber risks, we recognize there is a clear need in the market for a modern approach to third-party cyber risk management.”
  • Hundreds of counterfeit online shoe stores injected with credit card skimmer
    There’s a well-worn saying in security: “If it’s too good to be true, then it probably isn’t.” This can easily be applied to the myriad of online stores that sell counterfeit goods—and now attract secondary fraud in the form of a credit card skimmer. We recently identified a credit card skimmer injected into hundreds of fraudulent sites selling brand name shoes. Counterfeit shoes by the truckload Think of the web as a never-ending whack-a-mole war between brands, security teams, and fraudsters—as legitimate companies work with security to take down one counterfeit site, another soon pops up. Crooks troll sporting and fitness forums and leave messages to entice users to visit the fake store: Here’s that same counterfeit site selling Adidas, Nike, and other big brand name sneakers: trainersnmd[. Mass credit card skimmer injection The skimming code was appended to a JavaScript file called translate.js. Based on our crawlers, we see new e-commerce sites fall victim to web skimmers every day.
  • This Alleged Bitcoin Scam Looked a Lot Like a Pyramid Scheme
    Now five men behind a company called BitClub Network are accused of a $722 million scam that allegedly preyed on victims who thought they were investing in a pool of bitcoin mining equipment. Investors were invited to send BitClub Network cash, which would allow the company to buy mining equipment—machines that produce bitcoin through a process called hashing. In October 2014, a few months after BitClub Network was founded, Goettsche allegedly posted about the need to “fak[e] it for the first 30 days while we get going,” instructing a co-conspirator to do some “magic” on the company’s revenue numbers. Later, Goettsche allegedly suggested the company “bump up the daily mining earnings starting today by 60%.” The defendants also allegedly sold shares of the company in violation of securities law, traveling around the world with marketing materials that touted the company as “transparent” and “too big to fail.” (The BitClub website now has a disclaimer saying investments are not available to investors in the US or the Philippines.)
  • Chrome 79 Released With Security Improvements, Proactive Tab Freeze, and More
    Phishing page alert Compromised Password alerts With Chrome 79, Google is rolling out a feature that will display an alert when logging into a site if your login credentials were compromised during a data breach. Reported by Khalil Zhani on 2019-10-24 Medium CVE-2019-13743: Incorrect security UI in external protocol handling. Reported by Zhiyang Zeng of Tencent security platform department on 2017-08-10 Medium CVE-2019-13744: Insufficient policy enforcement in cookies. Reported by David Erceg on 2019-08-14 Medium CVE-2019-13749: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2017-04-05 Low CVE-2019-13757: Incorrect security UI in Omnibox. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-11-05 Low CVE-2019-13761: Incorrect security UI in Omnibox.
  • Amid Pensacola cyber attack, expert warns more hacks on the way
    As Pensacola, Florida, battles a cyber attack that shut down much of the city’s network, one expert says more state and local governments are at risk as their systems remain vulnerable. Costs related to an event like what is transpiring in Pensacola can be “serious,” Wright said. It is unclear whether the city is being asked to pay ransom; however, other cities — like Baltimore and Atlanta — have been asked to pay to have their systems unlocked. Hackers demanded $76,000 worth of bitcoin from Baltimore, but the attack will end up costing the city north of $18 million in direct costs related to restoring systems and recovery efforts, and indirect costs from potential lost or delayed revenue, according to the Baltimore Sun. Wright said Atlanta and Baltimore are recovering from their respective attacks. In a Facebook post on Monday, the Pensacola City Government said that affected city services include emails and phones, customer service and online payments.