Vaporizer chargers can contain malware

by

Vaporizers (AKA E-cigarettes) have been gaining some serious traction and widespread use over the past few years. The sudden surge of popularity isn’t too surprising considering the fact that the health implications of nicotine consumption are vastly more favorable with vaporizers when compared to traditional cigarettes. Most Vaporizers charge through a propriety connection to USB that looks something like this: In a recent reddit post, the poster reported that an executive at a large corporation had a data security breach on his system from malware, the source of which could not be determined initially. The machine was patched up to date, […]

Continue Reading »

Safe Online Shopping, Happy Online Shopping – 5 Security Tips for the Holiday Season

by

The holiday season is almost upon us, which means the holiday shopping season is also almost upon us. And as always, it’s bound to be a crazy time of scrambling for the biggest and best deals, both in stores and online. But while your wallet is destined to take a hit as you stack up on gifts for your family and friends, you want to make sure cybercrooks don’t make your list of people who will be receiving presents this year. Sadly, with 2014 being labeled by some as ‘The Year of the Hack’, it may be easier for them than ever […]

Continue Reading »

CoinVault

by

  Today we encountered a new type of encrypting ransomware that looks to be of the cryptographic locker family. It employs the same method of encryption and has a very similar GUI (kills VSS, increases required payment every 24hr, uses bitcoin payment, ect.). Here is the background that it creates – also very similar. What’s unique about this variant that I wanted to share with you all is that this is the first Encrypting Ransomware that I’ve seen which actually gives you a free decrypt. It will let you pick any single file that you need after encryption and will decrypt […]

Continue Reading »

A Recap of the JP Morgan Breach

by

There is a clear trend that every year there are bigger targets compromised with increased frequency with more personal data being collected. The recent attack on JP Morgan Chase is especially alarming considering they are the largest US bank and hackers had gained access to numerous servers with administrative access for nearly a month before being detected. According to reports, JP Morgan Chase account details for every consumer and business customer, including to name, address, email address and phone number, were compromised. Fortunately more specific details such as account numbers, social security numbers (SSNs) and passwords were not accessed. This […]

Continue Reading »

We analyze Cryptobot, aka Paycrypt

by

Recently during some research on encrypting ransomware we came across a new variant that brings some new features to the table. It will encrypt by utilizing the following javascript from being opened as an attachment from email (posing as some document file).   Once full encrypted you’ll get a popup text document informing you that all your files have been encrypted and how to pay money to get your key to decrypt. This specific sample is Russian, and the instructions were also in Russian so I didn’t show it here. The really interesting thing about this variant that I wanted to share […]

Continue Reading »

What To Know About Apple and WireLurker

by

Everyone’s heard the saying ‘Macs aren’t malware-proof’, right? Oh, you haven’t? Count me not surprised. It could be due to the fact that that’s not an actual saying, but the more likely reason is that there is a deep-rooted belief among Apple users that Apple products and services are somehow, by default, impervious to viruses, malware, hackers, etc. Allow me to reiterate: THEY’RE NOT! Need proof? Well, we could look back two years ago to Dexter (not the hit Showtime show). Or let’s rewind to early this year, when researchers learned that Macs were still vulnerable to 2011′s famous ‘Flashback Trojan’? […]

Continue Reading »

Son of a Breach! Can Companies Just Safeguard Their Customers’ Data?

by

Just when consumers were starting to regain some company trust and safe-shopping stability after last year’s massive Target breach, a string of new large-scale company breaches quickly reminded us consumers just how insecure our personal data can be. Needless to say, it’s been a rough year for some major companies and an even rougher year for thousands of unlucky customers. Let’s look at three of the major breaches of the last couple of months. Home Depot (Source: Krebs On Security) Early last month, reports started coming in that the home improvement giant was investigating “some unusual activity with regards to its customer data.” Security […]

Continue Reading »

‘Bash’ Shellshocks the Internet – Here’s What You Should Know

by

Update: Apple has patched the Bash bug. For more info (including links to download the updates on your Mac), check out this TechCrunch report. As of last week, there’s a new security bug in the news, and it’s wreaking havoc on the Internet. (Source: Macworld/Errata Security) Discovered by Stephane Chazelas, a security researcher for Akamai (who revealed the bad news to the world last Thursday), the ‘Bash bug, or ‘Shellshock’, is a particularly nasty vulnerability affecting the Bourne-Again Shell (thus the Bash acronym) of certain versions of the Unix and Linux operating systems. Yes, that includes derivatives like the Mac OS. In other words, […]

Continue Reading »

5 million GMail accounts breached, and I was one of them

by

There is a bit of irony in this blog post, if you will.  Over my time at Webroot, I have become a major advocate and vocal evangelist of digital security, from talking about major level breaches to sharing my experiences with dating-website scams.  My work has focused around the education of those who will listen and read my work on the value of keeping one’s self safe at home, work, and while traveling.  Like many others, I never thought (often quite ignorantly) that my information could get out there in a breach. And if it did, I was sure I […]

Continue Reading »

Apple’s Sept 9 Event: New (and larger) iPhones and (gasp), a Watch!

by

Well, September 9th is here, and the launch of Destiny, one of the most (if not the most) anticipated video games ever, isn’t the only major piece of news coming out of the tech world today. You may have heard that one Cupertino fruit-logo’d tech company had an event today. And now the details of Apple’s next big(ger) things are official. Initial takeaway? They’re pretty in-line with the the rumors that have been swirling around for months now. In other words, people got a lot of what they were expecting. Is that a good or bad thing? Depends on what camp you’re in. Probably. […]

Continue Reading »