Industry Intel

The Evolution of Cybercrime

From Landline Hacking to Cryptojacking By its very nature, cybercrime must evolve to survive. Not only are cybersecurity experts constantly working to close hacking loopholes and prevent zero-day events, but technology itself is always evolving. This means...

A Chat with Kiran Kumar: Webroot Product Director

The process of bringing a cybersecurity product to market can be long and tedious, but Kiran Kumar, Product Director at Webroot, loves to oversee all the moving parts. It keeps him on his toes and immersed in the ever-changing world of security technology. We sat down...

How To Keep Better Tabs on Your Connected Apps

Not that long ago, before data breaches dominated daily headlines, we felt secure with our social media apps. Conveniently, every website seemed to allow logging in with Facebook or Twitter instead of creating a whole new password, and families of apps quickly became...

Four Tips to Help Tidy Up Your Tech

This spring, many of us will roll up our sleeves and get down to business decluttering our homes. Garage sales will be held, basement storage rooms will be re-organized, and donations will be made.  Shouldn’t the same thing happen in our digital lives? After all, the...

Cyber News Rundown: Bad Apps Infect Google Play

Reading Time: ~2 min.

Malicious Apps Get Millions of Installs

Google recently removed 85 apps from the Play Store after they were found to contain predatory adware. With over nine million combined downloads, the apps were mostly fake games or utility apps that began pushing a constant stream of full-screen ads to users until the app itself crashed. More worrisome, while nearly all the apps shared similar code, they were mostly uploaded from different developer accounts and used different digital certificates to minimize detection.

Tuition Scam Targets UK College

Several parents of students attending St. Lawrence College in the UK fell victim to an email scam over the holidays that requested early tuition payment at a discounted rate for the upcoming terms. While security measures surrounding parental information have since been improved, at least two separate families confirmed they sent undisclosed amounts of money to the scammers. Though these types of attacks target large audiences, it takes only a small number of successful attempts to make the campaign profitable.

Australian EWN System Hacked

With the help of a strong detection system, a brief hack of the Australian Early Warning Network (EWN) was quickly shutdown. Some of the messages contained warnings about the security of the EWN and listed several links that the user could navigate through. Fortunately, staff were quick to notice the severity of what was occurring and acted to prevent additional customers from being spammed.

Ransomware Uses Children’s Charity as Cover

When CryptoMix first came to light, it included a ransom note masquerading as a request for a “donation” to a children’s charity. It has since returned, but now includes actual information from crowdfunding sites attempting to help sick children and using their stories to guilt victims into paying a ransom. Even worse, as victims navigate the payment process, the ransomware continues to urge them on with promises that the sick child will know their name for the aid they provide.

Exploit Broker Raises Bounties for New Year

Following the New Year, a known exploit broker, Zerodium, announced they would be effectively doubling all bounty payouts for zero-day exploits. While lower-end Windows exploits will net a researcher $80,000, some Android and iOS zero-days will pay out up to $2 million. Unfortunately for many working on the lawful side, nearly all the exploits obtained by Zerodium will be privately sold, rather than used for patching or improving security.

Cyber News Rundown: Ransomware Hits Tribune Publishing

Reading Time: ~2 min.

American Newspapers Shutdown After Ransomware Attack

Nearly all news publications owned by Tribune Publishing suffered disruptions in printing or distribution after the publisher was hit by a ransomware attack. Many of the papers across the country were delivered incomplete or hours or days late. Even some papers that had been sold off to other publishers in previous years were affected. Fortunately, digital and mobile versions of the newspapers were untouched by the attack, allowing users to view local news as normal online.

‘PewDiePie’ Hacker Turns Focus to Smart Devices

The hacker previously responsible for hacking thousands of printers and directing them to print ads in support of PewDiePie, the world’s largest YouTuber, has now started using unsecured smart devices to continue the campaign. In addition to requesting the “victim” subscribe to PewDiePie, the hacker’s main message is to bring light to the extreme lack of security many of us live with daily. By using the standard ports used by smart TVs to connect to streaming devices, the hacker has even created scripts that will search for these insecure ports and begin connecting to them.

California Alcohol Retailer Faces Data Breach

One of the largest alcohol retailers in California, BevMo, recently announced they’ve fallen victim to a credit card breach on their online store. The breach lasted for nearly two months, during which time customer payment card data for nearly 14,000 customers was illegitimately accessed. While officials are still unclear as to who was behind the breach, it is likely related to the MageCart attacks that appeared across the globe during the latter half of 2018.

Blur Password Manager Leaves Passwords Exposed

An independent security researcher recently discovered a server that was allowing unauthenticated access to sensitive documents for well over two million users. The exposed information included names, email addresses, IP addresses from prior logins, and even their account password, though the company has remained firm that the passwords contained within their accounts are still secure. Since the reveal, Blur’s parent company, Abine, has prompted users to change their main passwords and enable two-factor authentication, if they had not already done so.  

Bitcoin Wallets: Still Major Target for Hackers

Nearly $750,000 worth of Bitcoin was stolen from Electrum wallets in an attack that began only a few days before Christmas. By exploiting a previously documented vulnerability, the hackers were able to inject their own server list into the connections made by the Electrum wallet and successfully rerout their victims to another server, where they were then presented with a fake update screen. By moving forward with the “update,” malware was promptly downloaded to the device and users could then enter their wallet credentials, only for them to be stolen and their accounts drained.

Cyber News Rundown: Amazon User Receives Thousands of Alexa-Recorded Messages

Reading Time: ~2 min.

Amazon User Receives Thousands of Alexa-Recorded Messages

Upon requesting all his user data from Amazon, one user promptly received over 1,700 recorded messages from an Alexa device. Unfortunately, the individual didn’t own such a device. The messages were from a device belonging to complete stranger, and some of them could have easily been used to find the identity of the recorded person. While Amazon did offer the victim a free Prime membership, it’s cold comfort, as these devices are constantly recording and uploading everyday details about millions of users. 

San Diego School District Hacked

In a recent phishing scheme, hackers successfully gained the trust of a San Diego Unified School Districtemployee and obtained credentials to a system that contained student, parent, and staff data from the past decade. The database mostly consisted of personal data for over half a million individuals, but also included student course schedules and even payroll information for the District’s staff. 

Data Breach Affects Hundreds of Coffee Shops

Attackers were able to access payment data for 265 Caribou Coffee shopsacross the United States. The breach could affect any customers who made purchases between the end of August 2018 and the first week of December. The company recommends that any customers who may have visited any of their locations across 11 states engage a credit monitoring service to help avoid possible fraud.

FBI Shuts Down DDoS-for-Hire Sites

At least 15 DDoS-for-Hire siteshave been taken down in a recent sweep by the U.S. Justice Department, and three site operators are currently awaiting charges. Some of the sites had been operating for more than 4 years and were responsible for over 200,000 DDoS attacks across the globe. This is the second in a series of government-led cyberattack shutdowns over the last year. 

Email Scam Offers Brand New BMW for Personal Info

A new email scam is informing victims that they’ve just won a 2018 BMW M240iand over $1 million dollars, which they can easily claim if they provide their name and contact information. Victims who provide their contact details are then contacted directly and asked to give additional information, such as their social security number and credit or bank card details. If you receive this email or one like it, we recommend you delete it immediately, without opening it. 

Cyber News Rundown: Facebook Bug Exposes User Photos

Reading Time: ~2 min.

Facebook API Bug Reveals Photos from 6.8 Million Users

Facebook announced this week that an API bug had been found that allowed third-party apps to access all user photos, rather than only those posted to their timeline. The vulnerability was only available for 12 days in mid-September, but could still impact up to 6.8 million users who had granted apps access to their photos in that time.

Children’s Charity Falls Victim to Email Scam

Over $1 million was recently diverted from a children’s charity organization after hackers were able to gain access to an internal email account and begin creating false documents and invoices. Due to a lack of additional authentication measures, the funds were promptly transferred to a Japanese bank account, though insurance was able to compensate for most of the loss after the scam was finally discovered.

Email Extortion Scams Now Include Hitmen

The latest in a series of email extortion campaigns promises its victims will be executed by a hitman if a Bitcoin ransom of $4,000 isn’t paid within 38 hours. Given such poorly executed scare tactics, it comes as no surprise that the payment account has still not received any funds after several days. Hopefully, as the threats of violence leads to victims contacting law enforcement rather than paying the scammers, these types of scams will become more rare.

Hackers Force Printers to Spam PewDiePie Message

Nearly 50,000 printers around the world have been spamming out a message suggesting subscribing to PewDiePie on YouTube and recommending the recipient improve their printer security. The group behind the spam has stated they want to raise awareness of the real threat of unsecured devices connected to the internet and how they can be used maliciously. In addition to sending print-outs, attackers could also steal data being printed or modify documents while they are being printed.

Cybersecurity Audit Shows Major Vulnerabilities in U.S. Missile Systems

A recent report showed that U.S. ballistic missile defense systems have consistently failed security audits for the past five years. Some of the major flaws included a lack of encryption for data stored on removable devices, patches reported in previous years that remained untouched, and the regular use of single-factor authentication for entire facilities. Physical security issues that could leave highly-sensitive data exposed to anyone willing to simply try to access it were also detailed in the report.

Cyber News Rundown: Android Trojan Steals Credentials

Reading Time: ~2 min.

Clemson Supercomputer Susceptible to Cryptojacking

IT staff at Clemson University have been working to remove the recent introduction of a cryptominer on its supercomputer, known as Palmetto. As they compromised the system for the mining of Monero, the attackers’ ploy was only spotted due to spikes in computing power and rising operating costs for the supercomputer, since manually monitoring the entire system is nearly impossible. It’s still unknown who was responsible for the mining, but Clemson staff have already begun increasing security measures to discourage copy-cat crimes. 

Cyberattack Strikes Italian Oil Company

Italian oil and gas company Saipemfell victim to a cyber-attack earlier this week that knocked several critical servers offline. The attack appears to have focused specifically on servers located in Middle Eastern countries in which the company operates. It’s presently believed the attackers were also involved in prior cyberattacks on Saudi Aramco, for whom Saipem is a supplier. 

Data Breach Affects Topeka Residents

A data breach that could expose the personal details of nearly 10,000 residents of Topeka, Kansas was recently discovered. The breach could affect anyone who made online payments to the Topeka Utilities Department between October 31 and December 7. Officials are still working to determine the cause of the breach. The city’s utility department is in the process of contacting all 10,000 potential victims.

Google+ Reaches End of Life Sooner than Expected 

While the consumer version of Google+was destined to be shut down in mid-2019, a new bug will hasten its end to April. This final vulnerability had the potential to expose entire user profiles to any applications searching for data, even if the account was set to private. This vulnerability left over 52 million accounts accessible to any number of app developers during the six days it was left exposed.  

Android-based Trojan Steals Credentials

A new Trojan has been spotted on the Android OS that uses screen overlays for popular applications to trick users into entering credentials for apps like PayPal, Google Play, and even several banking apps. By displaying the overlay in the lock foreground screen, users are unable to close the pop-ups with normal methods, and can only do so by completing a form requesting login information. Additionally, the malware can identify if a legitimate app is currently installed and prompt the user to open it and log in, thereby removing a step in gaining access to the victim’s funds.

Cyber News Rundown: WeChat Ransomware

Reading Time: ~2 min.

Touch ID Used to Scam Apple Users

Two apps were recently removed from the Apple App Store after several users reported being charged large sums of money after installing the app and scanning their fingerprint. Both apps were fitness-related and had users scan their fingerprint immediately so they could monitor calories or track fitness progress. But the apps launched a payment confirmation pop-up with the user’s finger still on the device to charge any card on file for the account. Luckily, the apps were only available for a brief period before being removed and refunds issued.

Signet Jewelers Expose Customer Order Data

Signet Jewelers, the parent company for Kay and Jared jewelers, was informed last month by an independent researcher of a critical flaw in their online sites. By simply altering the hyperlink for an order confirmation email, the researcher was able to view another individual’s order, including personal payment and shipping information. While Signet resolved the issue for future orders, it took additional weeks to remedy the flaw for past orders.

WeChat Ransomware Hits over 100k Chinese Computers

In the five days since December began, a new ransomware variant dubbed WeChat Ransom has been spreading quickly across China. With over 100,000 computers currently infected and thousands more succumbing each day, WeChat has made a significant mark. Though it demands a ransom of only roughly $16 USD, the variant quickly begins encrypting the local environment and attempts to steal login credentials for several China-based online services. Fortunately, Tencent banned the QR code being used to send ransom payments and disabled the account tied to it.

Nearly 100 Million Users Compromised in Quora Breach

Servers containing sensitive information for nearly 100 million Quora.comusers were recently compromised by unknown hackers. In addition to personal information about users, any posts or messages sent over the service were also breached. While informing affected users of the leak, Quora stated that all password data they store was fully encrypted using bcrypt, which makes it considerably more expensive and time-consuming for the hackers to break the algorithms and obtain the data. 

Marriott Hotels Breach Leaves Half a Billion Users Vulnerable

In one of the largest data breaches to date, Marriott International is under fire for exposing the personal data of nearly 500 million individuals. A class-action lawsuit has been filed against the hotel chain. For many victims, their names, home addresses, and even passport information was available on an unsecured server for nearly four years after the company merged with Starwood, whose reservation systems were already compromised.

Cyber News Rundown: USPS Exposes Personal Data

Reading Time: ~2 min.

USPS Website Leaves Personal Data Available to Anyone

Within the last week, The U.S. Postal Service (USPS) has been working to resolve a vulnerability that allowed any authenticated user to view and modify the personal information for any of the other 60 million users. Fortunately, USPS was quick to fix the vulnerability before any detectable alterations were made, which could have included changes to social security numbers, addresses, and even live tracking information on deliveries.

Amazon Exposes Customer Data

Many Amazon shoppers recently received an email informing them that their personal information was released, though the announcement was light on details. To make matters worse, Amazon’s only response was that the issue has been fixed. It did not mention what the actual issue was or what may have caused it. Official Amazon forums have been bombarded with concerned customers in advance of the approaching holiday season.

IRS Audit Reveals Fraud Protection Failure

It was revealed during a recent audit of the IRS that victims of at least 89 unique data breaches received no fraud protection for their tax filings. The number of affected victims is just over 11,000, some of whom have already fallen victim to tax filing fraud for either their 2016 or 2017 tax return. IRS staff have made promises to include the missing breaches in their tracking systems as quickly as possible and to begin assisting the victims of these incidents.

Atrium Health Breach Involves 2.65 Million Patients

The names and other sensitive personal information have been compromised for over 2.65 million patients of Atrium Health after a third-party provider experienced a data breach. Over the course of a week in late September, several servers belonging to AccuDoc were illegitimately accessed, though none of the data was downloaded. Fortunately, the servers didn’t contain payment or personal medical records and Atrium Health was informed just 2 days after the incident was discovered.

New Jersey Police Computers Hit with Ransomware

Since Thanksgiving Day, the computer systems for one New Jersey police force have been taken completely offline after experiencing a ransomware attack. Computer and email systems normally used by office administrators were also shutdown as a precaution. It’s possible that the attack originated from one of the two official devices that have been missing for several months following the previous mayor’s abrupt passing.

Cyber News Rundown: Infowars Hacked by Card Skimmers

Reading Time: ~2 min.

Infowars Online Site Compromised by MageCart Attack

Earlier this week, a security researcher found payment card-stealing scripts running on the Infowars online site. The scripts managed to stay active for nearly 24 hours. At least 1,600 users of the site may have been affected during this period, though many were returning customers who wouldn’t have had to re-enter their payment information into the compromised forms. As of writing, the malicious scripts being used by Magecart are active on nearly 100 other online stores, with almost 20% getting re-infected within a two-week period.

Scammers Syphon €19 Million From French Film Company

A lawsuit recently revealed that savvy scammers successfully took nearly €19 million through a series of unauthorized transfers from a spoofed personal email address of the company’s CEO. After requesting additional information from the scammers, who continued to provide highly-detailed documents suggesting their legitimacy, several payments were transferred from the company’s main cash pool with promises of a quick payback from the scammers.

Chinese Headmaster Caught Cryptomining on School’s Systems

The headmaster of a Chinese school was fired after staff discovered an excessively high power bill previously written off as a faulty HVAC system was actually caused by several cryptomining rigs running off the school’s electricity. The headmaster brought the mining machines into the school in mid-2017 and evaded blame for the excess power consumption until the physical proof was discovered. While it appears no other harm was done, cryptomining software can be dangerous, as you can never be sure nothing else is bundled with it.

New Botnet Exploits Unpatched Bug in Over 100,000 Devices

Researchers have been monitoring a relatively new botnet that is currently controlling over 100,000 devices, including 116 device types from multiple manufacturers. By taking advantage of well-known bugs within Universal Plug n Play, hackers can quickly take control of the device and begin monitoring traffic from outside of the network.

Cathay Pacific Airlines Cyberattack Occurred Over Several Months

After originally claiming a data breach had taken place last month, affecting 9.4 million customers, new findings have shown the attacks have been happening regularly since March. Even though local laws didn’t require the company to notify authorities regarding a data breach, it is still surprising that it has taken almost nine months to determine what data had been exposed and what hadn’t.

Cyber News Rundown: HSBC Data Breach

Reading Time: ~2 min.

Data Breach Nabs HSBC Account Info

HSBC has been monitoring some unauthorized access occurring over a ten-day period on their customer’s online accounts. During this time, attackers used credentials that were likely part of prior breaches to access numerous accounts. HSBC worked quickly to disable online access to any accounts that showed suspicious activity. The bank also began notifying potential victims of the incident and have taken additional steps in securing their online access points.

Latest Chrome Iteration Cracks Down on Annoyances

With the rollout of Google’s Chrome 71, the company is looking to enhance the user experience by blocking all advertisements on sites that have continued to allow the hosting of offensive material. Chrome 71 will also be more efficient at blocking phishing attacks and misleading pop-up notifications that may redirect users. Fortunately, sites that are flagged can check their status and are given 30 days to correct for offending content.

University Shuts Down Network Over Cryptomining

A Canadian University was forced to shut down its entire network after IT staff discovered a cryptocurrency miner operating illicitly on several university systems. While they are still unsure who installed the cryptominer, they have removed the software from the systems and brought the remainder of the networks back online. Along with slowly restoring the remaining services taken offline, the university also forced a password change for all current users.

Cardless ATMs Lead to Rise in Phishing Attacks

Several arrests in Ohio have recently revealed a new scam that leverages SMS phishing attacks to withdraw money from ATMs that don’t require the use of a bank card. By sending a victim’s smartphone an SMS message containing a link to “unlock” their accounts, they are redirected to a phony site that steals their credentials. The scam has netted the attackers nearly $68,000 over a two-week period.

Twitter Bitcoin Scammers Take Over Verified Accounts

Even as Twitter-based Bitcoin scams have slowed, a new Elon Musk spoof account has popped up with the usual offer to multiply any amount of Bitcoins received and return the inflated amount. This scammer may have the benefit of taking over a verified account, but modifications to the profile name and obvious spelling errors reveal its clearly not legitimate, though it does leave raise questions regarding the verification system’s security.

Password Constraints and Their Unintended Security Consequences

Reading Time: ~5 min.You’re probably familiar with some of the most common requirements for creating passwords. A mix of upper and lowercase letters is a simple example. These are known as password constraints. They’re rules for how you must construct a password. If your password must be at least eight characters long, contain lower case, uppercase, numbers and symbol characters, then you have one length, and four character set constraints.

Password constraints eliminate a number of both good and bad passwords. I had never heard anyone ask “how many potential passwords, good and bad, are eliminated?” And so I began searching for the answer. The results were surprising. If you want to know the precise number of possible 8-character passwords there are if all of the character sets must be used, then the equation looks something like this.

A serious limitation of this approach is that it tells you nothing about the effects of each constraint alone or relative to other constraints. (I’m also not sure if there were supposed to be four consecutive ∑s or if the mathematician was stuttering.)

We choose to use a Monte Carlo simulation to analyze the mathematical impact of the various combinations of constraints. A Monte Carlo simulation uses a statistical analysis approach that provides a close approximation of the answer, while also providing the flexibility to quickly and easily measure the impact of each constraint and combination of constraints.

A look at minimum length limits

To start, let’s look at the impact of an eight-character length constraint alone. There are 95^8 possible combinations of 8 characters. 26 uppercase letters + 26 lowercase letters + 10 numerals + 33 symbols = 95 characters. For a length of 8 characters, we have 95˄8 possible passwords.

If a password must be at least 8 characters long, then there are also about 70.6 trillion otherwise viable passwords you are not allowed to use (95+(95^2 ) +(95^3 ) +(95^4 ) +(95^5)+(95^6 )+(95^7)). That’s a good thing. It means you can’t use 95 one character passwords, 9,025 two character passwords, and so on. Almost 70 trillion of those passwords you cannot use are seven characters long. This is a great and wholly intended effect of a password length constraint.

The problem with a lack of constraints is that people will use a very small set of all possible passwords, which invariably includes passwords that are incredibly easy to guess. In the analysis of over one million leaked passwords, it was found that 30.8 percent passwords eight to 11 characters long contained only lowercase letters, and 43.9 percent contained only lowercase letters and numbers.  In fact, to perform a primitive brute force attack against an eight-character password containing only lower case letters, it’s only necessary to try about 209 billion character combinations. That does not take a computer very long to crack. And, as we know from analyzing large numbers of passwords, it’s likely to contain one of the most popular ten thousand passwords.

To beef up security, we begin to add character constraints. But, in doing so, we decrease the number of possible passwords; both good and bad.

Just by requiring both uppercase and lowercase letters, more than 15 percent of all possible 8-character combinations have been eliminated as possible passwords. This means that 1QV5#T&|cannot be a password because there are no lowercase letters. Compared to Darnrats,which meets the constraint requirements, 1QV5#T&|is a fantastic password. But you cannot use it. Superior passwords that cannot be used are acceptable collateral damage in the battle for better security. “Corndogs” is acceptable, but “fruit&veggies” is not. This clearly is not a battle for lower cholesterol.

As constraints pile up, possibilities shrink

If a password must be exactly eight characters long and contain at least one lower case letter, at least one uppercase letter and at least one symbol, we are getting close to one-in-five combinations of 8 characters that are not allowable as passwords. Still, the effect of constraints on 12 and 16 character passwords is negligible. But that is all about to change… you can count on it.

Are you required to use a password that is at least eight characters long, has lower and uppercase letters, number and symbols? Just requiring a number to be part of a password removes over 40 percent of 8-character combinations from the pool of possible passwords. Even though you can use lowercase and uppercase letters, and you can use symbols, if one of the characters in your password must be a number then there are far fewer great passwords that you can use. If a 16 character long password must have a number, then 13 times more potential passwords have become illegal as a result of that one constraint than the combined constraints of lower and uppercase letters and symbols caused. More than one-in-four combinations of 12 characters can no longer become a passwords either.

You might have noticed that there is little effect on the longer passwords. Frequently there is also very little value in imposing constraints on long passwords. This is because each additional character in a password grows the pool of passwords exponentially. There are 6.5 million times as many combinations of 16 character pass words using only lowercase letters than there are of eight character passwords using all four character sets. That means that “toodlesmypoodles” is going to be a whole lot harder to crack than “I81B@gle”

Long and simple is better than short and hard

People tend to be very predictable. There are more symbols (than there are in any other characters set. Theoretically that means that symbols are going to do the most to make a password strong, but 80 percent of the time it is going to be one of the top five most frequently used symbols, and 95 percent of the time is will be one of the top 10 most frequently used symbols.

Analysis of two million compromised passwords showed that about one in 14 passwords start with the number one, however for those that started with the number one, 75 percent of them ended with a number as well.

The use of birthdays and names, for example, make it much easier to quickly crack many passwords.

Password strength: It’s length, not complexity that matters

As covered above, all four character sets (95 characters) in an eight character password allow for about 6.634 quadrillion different password possibilities. But a 16 character password with only lowercase letters has about 43.8 sextillion possible passwords. That means that there are well over 6.5 million times more possible passwords for 16 consecutive lowercase letters than for any combination of eight characters regardless of how complex the password is.

My great password is “cats and hippos are friends!”, but I can’t use it because of constraints – and because I just told you what it is.

For years password experts have been advocating for the use of simple passphrases over complex passwords because they are stronger and simpler to remember. I’d like to throw a bit of gasoline on to the fire and tell you, those 95^8 combinations of characters are only  half that many when you tell me I have to use uppercase, lowercase, numbers, and symbols.

Cyber News Rundown: DemonBot Rising

Reading Time: ~2 min.

DemonBot Botnet Gaining Traction

DemonBot, while not the most sophisticated botnet discovered to date, has seen a significant rise in usage over the last week. With the ability to take control of Hadoop cloud frameworks, DemonBot has been using the platform to carry out DDoS attacks across the globe. By exploiting Hadoop’s resource management functionality, the infection can quickly spread itself and allows for remote code execution on affected servers.

Cyber Attack Leaves Pakistani Bank Under Scrutiny

Bank Islami, one of the largest banks in Pakistan, announced that an unusual attack had occurred involving local cards used far outside of the country’s borders. While the bank was quick to return the funds removed from customer’s accounts, the remainder of the malicious transactions processed internationally have the bank being on the hook for nearly $6 million in phony withdrawals, mainly in the US and Brazil. Unfortunately, due to a lack of information regarding the malicious transactions, several other top banks in the country were forced to temporarily restrict international purchases to protect their own clients.

UK Industrial Credentials for Sale

Researchers recently discovered the credentials for over 600,000 individuals, all closely tied to construction or building firms, available for sale on the dark web. Presently it appears that the credentials were all compromised during breaches involving third-parties users would have given corporate email into, rather than specific breaches for the industry group. Fortunately, it appears there haven’t been any related breaches thus far, though this type of data could lead to additional sensitive information being stolen.

Ransomware Demands RDP Access to Encrypted System

A new ransomware variant has been making an unusual request from its victims: allowing remote desktop access in order to decrypt their files. Dubbed CommonRansom, due to the appended extension on the encrypted files, the variant also demands a 0.1 Bitcoin payment before making the request for administrator credentials to the victim’s computer. Even though this variant isn’t widespread, it does appear to be using a similar Bitcoin wallet as other infections, as 65 Bitcoins were recently sent from the designated wallet.

USGS Auditors Find Porn-related Malware on Government Network

Following a recent audit of the US Geological Survey, agency inspectors discovered Russian malware circulating the internal network and were able to trace it back to one employee who had visited over 9,000 pornographic websites from his government-issued computer. The employee was also found to be

Cyber News Rundown: Medicare Data Breach

Reading Time: ~2 min.

Data Breach Affects Centers for Medicare & Medicaid Services

The Centers for Medicare & Medicaid Services (CMS) announced last week they had discovered malicious activity within their direct enrollment pathway, which connects patients and healthcare brokers. At least 75,000 individuals were affected. The pathway has since been disabled to prevent further exposure. Until the pathway is fixed, hopefully within a week, CMS is contacting affected patients and offering them credit protection services.

Ransomware Disables City’s Computer Systems

City officials in West Haven, Connecticut finally gave in to ransom demands following a cyberattack against their systems. The attack began early Tuesday morning and disabled 23 individual servers before a decision was made to pay a ransom in hopes for the return of their data. While it is still unclear if the systems were fully restored, the town was lucky to receive a relatively small ransom request ($2,000 given the significant amount of data stolen.

User Data Exposed on Adult Sites

A string of eight adult sites, all owned by the same individual, fell victim to hackers who took advantage of poor security to expose records for up to 1.2 million individuals. While not as large as similar adult-related breaches, it still presents questions as to why proper security measures aren’t put in place on these sites proactively. The owner of the sites has since taken them down and replaced them with messages warning users to update their passwords and take extra security precautions.

McAfee Tech Support Scam on the Rise

A new browser-based tech support scam has been spotted recently that warns users their McAfee subscription has run out and needs to be renewed. Rather than redirect victims through an affiliate link to the real McAfee site, though, this latest scam directly prompts the user to input payment card information and other personal data into a small pop-up window. To top it off, once payment info is entered, an additional pop-up appears that suggests contacting support to help install your new software and eventually falsely claiming payment wasn’t successful and users must re-purchase the software.

Iowa City Shuts Down After Ransomware Attack

The city of Muscatine, Iowa is working to determine how several of their main computer systems, both within city hall and its library, were infiltrated by ransomware that’s knocked them offline. Officials have announced that no information was stolen and the city does not maintain any payment records, so citizens shouldn’t be worried. The city’s emergency services were also unaffected and continue to operate as normal.

Page 3 of 8912345...Last »