  • Security 101 for SMEs as Cyber Risks Rise
    Nearly half of all small businesses were targeted by cybercriminals last year. SMEs face many of the same cyber threats that large organizations face, such as ransomware, identity theft, and spyware.
  • APIs and Cybercrime: The State in 2019 So Far
    With APIs slowly becoming popular tech terminology, cybercriminals are exploring what they can do with them too. This year has already seen multiple instances of an unsecured API being used to gain unauthorized access to data.
  • LA Officials Warn About USB Charger Scam
    The Los Angeles County District Attorney’s Office has warned against using USB charging ports in public places such as hotels and airports. The warning says that these ports may be used as a medium to distribute malware and infect user devices.
  • Data Breaches Become Worse as 7.9 Billion Records Get Exposed in the First Nine Months of 2019
    This is a 112% increase in total records exposed compared with the same period in 2018. Of the 5,183 breaches, 1,692 were reported in the U.S. alone.
  • New JavaScript Skimmer ‘Pipka’ Found Targeting E-commerce Websites
    The malware has infected at least 16 e-commerce websites so far. It tries to evade detection by removing itself from the HTML of a compromised website after it has executed successfully.
  • Following the Latest YouTube Scam, Here’s What You Need to Know About Malware Attacks Delivered Through Videos
    Videos are popular among all age groups, and cybercriminals are leveraging that popularity to deliver malware. Video-based attacks take a variety of forms, such as placing malicious links in video descriptions or embedding malware in a Word document that contains a video.
  • Feature or Flaw: The Strange Case of the AnteFrigus Ransomware
    Researchers have spotted a new ransomware strain dubbed AnteFrigus that displays unusual traits: it targets only the drives associated with removable devices and mapped network drives.
  • CPUs Under Attack: ZombieLoad returns in new variant and TPM-FAIL vulnerabilities put billions of devices at risk
    ZombieLoad 2 works against older as well as recent Intel processors, including the Cascade Lake architecture. Encryption keys, passwords, and digital certificates on billions of devices could be at risk from the newly discovered vulnerabilities.
  • Chrome, Edge, Safari hacked at elite Chinese hacking contest
    The first edition was held in the fall of 2018 to great success, with researchers successfully hacking targets such as Edge, Chrome, Safari, iOS, Xiaomi, Vivo, and VirtualBox. Of the sessions, 13 were successful, seven failed, and in 12 the security researchers abandoned their exploitation attempts for various reasons. Among the successful sessions, Tianfu Cup organizers reported hacks including two against Chrome. Many software vendors have begun to attend hacking competitions, sending representatives to pick up vulnerability reports minutes after a hacking session ends, and some vendors ship patches within hours. There were few vendors at Tianfu Cup; however, with many high-profile successful exploits recorded in the competition's first two editions, many companies will most likely consider sending a representative next year.
  • ‘Magic: The Gathering’ game maker exposed 452,000 players’ data
    The maker of Magic: The Gathering has confirmed that a security lapse exposed the data of hundreds of thousands of players. The game’s developer, the Washington-based Wizards of the Coast, left a database backup file in a public Amazon Web Services storage bucket. The database file contained user account information for the game’s online arena. The bucket is not believed to have been exposed for long — since around early September — but it was long enough for U.K. cybersecurity firm Fidus Information Security to find the database. A review of the database file showed it held information on 452,634 players, including about 470 email addresses associated with Wizards’ staff. Bruce Dugan, a spokesperson for the game developer, told TechCrunch in a statement: “We learned that a database file from a decommissioned website had inadvertently been made accessible outside the company.” “We removed the database file from our server and commenced an investigation to determine the scope of the incident,” he said.
  • Multiple 2K Social Media Accounts Hacked And Posting Offensive Material
    It appears that multiple 2K-related social media accounts were hacked on Friday night. The Twitter account of Ronnie 2K (Ronnie Singh, Digital Brand Manager for the NBA 2K series) and the official 2K Facebook page were the targets, as hackers posted offensive material on the accounts. Racial slurs and other unfortunate posts littered the timelines seen by the accounts’ millions of followers. The 2K and WWE 2K Twitter accounts posted messages acknowledging the situation, and Ronnie 2K’s account later posted a similar message. Many have experienced their social media accounts being hacked, but this is a bit different.
  • CAH Holdings Issues Notice of Data Security Incident
    BIRMINGHAM, Ala., Nov. 15, 2019 /PRNewswire/ -- CAH Holdings Inc. (CAH) recently learned of a data security incident involving some employee email accounts that may have impacted a limited amount of personally identifiable information and protected health information (PHI). To assist with the investigation, CAH hired independent computer forensic experts to determine what occurred and what information may be at risk. The forensic investigation determined that an unauthorized actor gained access to some of its corporate email accounts. CAH reviewed the contents of the email accounts and determined that limited information related to names, medical treatment history and diagnoses, and health benefits was contained in the accounts. Although we are not aware of any misuse of any information, as an added precaution, we are offering, at no cost to the individual, credit monitoring and identity theft protection through ID Experts®. "The privacy and protection of our customers' information is a matter we take very seriously, and we are committed to taking steps to prevent this type of incident from occurring in the future."
  • Nunavut government computer systems coming back online after cyber attack
    The Nunavut government is slowly returning to normal nearly two weeks after its computer systems were paralyzed by a cyber attack. All Nunavut government computers were paralyzed on Nov. 2 when ransomware entered the system; a ransom note appeared on government computers whenever users attempted to open any files. The government says it refused to pay the ransom, and offices were forced to rely on fax machines, paper forms and telephone calls while the system was repaired.
  • New NextCry Ransomware Encrypts Data on NextCloud Linux Servers
    Its name is NextCry because it was discovered on a Linux machine running Nextcloud server. The malware had zero detections when xact64, a Nextcloud user, posted some details about it on the BleepingComputer forum in an attempt to find a way to decrypt personal files. Although his system was backed up, the synchronization process had already started to overwrite files on a laptop with their encrypted versions from the server. Looking at the malware binary, Michael Gillespie said the threat seems new and pointed out that NextCry uses Base64 to encode the files. The ransom note is in a file named “READ_FOR_DECRYPT” and states that the data is encrypted with the AES algorithm using a 256-bit key. Nextcloud’s recommendation for administrators is to upgrade their PHP packages and NGINX configuration file to the latest version.
  • Stealthy Malware Flies Under AV Radar with Advanced Obfuscation
    A threat campaign active since January customizes long-used droppers to infect victim machines and lift credentials and other data from browsers, according to Cisco Talos. The wave of ongoing campaigns uses custom droppers to plant information-stealing malware such as Agent Tesla and Loki-bot into common application processes. “The adversaries use custom droppers, which inject the final malware into common processes on the victim machine,” wrote Holger Unterbrink, a researcher with Cisco Talos, in a blog post about the new research. “Once infected, the malware can steal information from many popular pieces of software, including the Google Chrome, Safari and Firefox web browsers.” The adversaries use injection techniques that have been employed for many years, Unterbrink wrote, but with new, custom capabilities that make them difficult for anti-virus (AV) protections to detect. The dropper campaigns researchers observed work in several stages and use “obfuscation chains” to elude modern AV protections, Unterbrink said.
  • US Govt Recommends Vendor System Configs To Block Malware Attacks
    The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today reminded users and system administrators to properly configure their systems to defend against malware that exploits improper configurations. "Doing so, in addition to maintaining regular patch maintenance, will help give your systems and networks the best security possible." Besides encouraging administrators and users to properly configure their computing systems to avoid potential malware attacks, CISA also provides a list of security practices that, if followed, will help drastically reduce malware risks. The agency's ST18-004 security tip, revised in April 2019, recommends installing and maintaining anti-malware solutions, using caution when clicking and opening links and attachments received by email, blocking pop-up advertisements to defend against malvertising, and using accounts with limited user permissions to prevent malware from spreading.
  • East Texas School District Suffers Ransomware Attack
    (TNS) — Port Neches-Groves ISD, which is near Beaumont, Texas, lost access to files on all computer systems Tuesday afternoon after being hit by ransomware, a type of cyberattack that renders files unusable and then demands money to restore access. Superintendent Mike Gonzales said the attackers were asking for a “sizable amount of money,” and that several local law enforcement agencies and cybersecurity specialists were working to get the computers up and running again. “It is sad that they would do this to a school district,” Gonzales said. Once the malware gains access to a computer or server, it encrypts the user’s files and demands a ransom in exchange for a key to decrypt them. Connor Hagan of the FBI’s Houston office said email phishing campaigns are the most common way malware is delivered. Gonzales said the district will bounce back, despite the inconvenience caused by the attack.
  • Undocumented Access Feature Exposes Siemens PLCs to Attacks
    Siemens is working on addressing a vulnerability that can be exploited by a skilled attacker to execute arbitrary code on its SIMATIC S7-1200 programmable logic controller (PLC) by abusing a hardware-based access mode. Researchers discovered that an attacker with physical access to a PLC could abuse it, through a cold boot attack, by sending a special command via the universal asynchronous receiver-transmitter (UART) interface during the first half second of the PLC’s boot process, which allows them to dump the firmware from memory. An attacker can also leverage a combination of diagnostic functions to achieve arbitrary code execution in the bootloader stage, before the PLC firmware is loaded. On the other hand, the researchers pointed out that this special access feature could also be used by the owner of a PLC to conduct forensic analysis. “Now, using this special access, companies [performing forensic analysis] can have a snapshot of the memory of the PLC at the time of the crash and further investigate if there is an infection on the PLC.”