ZeroCleare Malware Wiping Systems
IBM researchers have been tracking the steady rise in ZeroCleare deployments throughout the last year, culminating in a significant rise in 2019. This malware is deployed on both 32 and 64-bit systems in highly targeted attacks, with the capability to completely wipe the system by exploiting the EldoS RawDisk driver (which was also used in prior targeted attacks). The malware itself appears to be spreading through TeamViewer sessions and, though the 32-bit variant seems to crash before wiping can begin, the 64-bit variant has the potential to cause devastating damage to the multi-national corporations being targeted.
FTC Scam Threatens Victims with Terrorism Charges
FTC officials recently made an announcement regarding scam letters purporting to be from the commission and the numerous complaints the letters have sparked from the public. Victims of the scam are told that, due to some suspicious activity, they will be personally and financially monitored as well as face possible charges for terrorism. These types of scams are fairly common and have been in use for many years, often targeting the elderly with greater success.
Misreported Data Breach Costs Hospital Millions
Following an April 2017 complaint, the Office of Civil Rights has issued a fine of $2.175 million after discovering that Sentara Hospitals had distributed the private health information for 577 patients, but only reported eight affected. Moreover, it took over a year for the healthcare provider to take full responsibility for the breach and begin correcting their security policies for handling sensitive information. HIPAA violations are extremely time-sensitive and the slow response from Sentara staff could act as a lesson for other organizations to ensure similar events don’t reoccur.
Android Vulnerability Allows Hackers Easy Access
Researchers have identified a new Android exploit that allows hackers access to banking applications by quickly stealing login credentials after showing the victim a legitimate app icon, requesting additional permissions, and then sending the user to their expected app. Even more worrisome, this vulnerability exists within all current versions of AndroidOS and, while not found on the Google Play Store, some illicit downloaders were distributing it.
Smith & Wesson Hit by Magecart
In the days leading up to Black Friday, one of the largest retail shopping days of the year, malicious skimming code was placed onto the computer systems and, subsequently, the website of Smith & Wesson. In a slight break from the normal Magecart tactics, they attackers were masquerading as a security vendor to make their campaign less visible. The card-skimming code was initially placed onto the website on November 27 and was still active through December 2.