Reading Time: ~< 1 min.

Is GDPR a Win for Cybercriminals?

GDPR represents a massive paradigm shift for global businesses. Every organization that handles data belonging to European residents must now follow strict security guidelines and businesses are now subject to hefty fines if data breaches are not disclosed....

American Cybercrime: The Riskiest States in 2018

Nearly 50 percent of Americans don’t use antivirus software That’s right; something as basic as installing internet security software (which we all know we’re supposed to use) is completely ignored by about half the US. You’d be amazed how common this and other risky...

Bad Apps: Protect Your Smartphone from Mobile Malware

Smartphone apps make life easier, more productive, and more entertaining. But can you trust every app you come across? Malicious mobile apps create easy access to your devices for Android and iOS malware to wreak havoc. And there are many untrusted and potentially...

Top 3 Questions SMBs Should Ask Potential Service Providers

Reading Time: ~< 1 min.

It can be daunting to step into the often unfamiliar world of security, where you can at times be inundated with technical jargon (and where you face real consequences for making the wrong decision). Employing `

In a study performed by Ponemon Institute, 34% of respondents reported using a managed service provider (MSP) or managed security service provider (MSSP) to handle their cybersecurity, citing their lack of personnel, budget, and confidence with security technologies as driving factors. But how do you find a trustworthy partner to manage your IT matters?

Here are the top 3 questions any business should ask a potential security provider before signing a contract:

 

 

 

 

 

While these are not all of the questions you should consider asking a potential service provider, they can help get the conversation started and ensure you only work with service providers who meet your unique needsservice providers who meet your unique nee.

  1. Ponemon Institute. (2016, June). Retrieved from Ponemon Research: https://signup.keepersecurity.com/state-of-smb-cybersecurity-report/
  2. Ponemon Institute Cost of Data Breach Study: (2017 June) https://www.ibm.com/security/data-breach

Cyber News Rundown: Edition 12/29/17

Reading Time: ~2 min.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any questions? Just ask.

WordPress Backdoor Found on Over 300,000 Machines

Recently, researchers found a WordPress plugin containing a backdoor that could allow criminals to easily access any device on which the plugin is installed (at least 300,000 machines, in this case). Even more worrisome: the backdoor wasn’t discovered until the plugin’s author was cited in a copyright claim over the use of the “WordPress” brand. The WordPress security team quickly updated the plugin and began force-installing it on all compromised sites.

Billions of Credentials Found on Dark Web

In a recent data dump on the Dark Web, researchers have discovered a trove of credentials for at least 1.4 billion users, all of which was stored in plain text and was easily searchable. While some of the data had already been released in a previous data dump, it appears most of the credentials were new and verified as authentic. Unsurprisingly, the dump has also revealed that the majority of users still have incredibly weak passwords. The most common is still “123456”.

Data on Millions of Americans Left Unattended Online

Earlier this year, researchers discovered yet another AWS S3 database left misconfigured and freely available to anyone with AWS credentials. The database belongs to Alteryx, a marketing analytics company, and revealed financial information for at least 123 million Americans. Although, fortunately, the database didn’t contain full names or social security numbers, the 248 available data fields could easily be used to identify specific individuals.

Thousands of Lexmark Printers Left Unsecured

Over 1,000 internet-connected Lexmark printers have been found to have zero security measures; most lacked even a simple password. Additionally, many of these printers have been traced back to prominent companies and even government organizations. And while sensitive information isn’t directly available, hackers could cause major disruptions to the devices’ functions, and could even install malware to remotely capture any print jobs that might contain valuable data.

Android Mobile Game Silently Leaking Data

A relatively new mobile game on the Google Play Store appears to leak sensitive data from both the device’s user and the device itself almost constantly. Dune!, the app, has been downloaded at least 5 million times, and has been known to connect to up to 32 different servers to silently transmit stolen data and access a device’s geolocation data. Along with its true functionality, Dune! carries at least 11 known vulnerabilities that make it prone to additional attacks and further data leakage.

 

3 Tips for Securing Your Home WiFi Networks

Reading Time: ~2 min.

Once your home WiFi network is up and running and your family’s devices are connected, it’s normal to turn a blind eye to your router. After all, it’s mostly out of sight and out of mind. Unfortunately, that small, seemingly harmless box isn’t as secure as you may think.

Your router is your gateway to the internet. Once it’s compromised, cybercriminals may be able to view your browser history, gain access to your login information, redirect your searches to malicious pages, and potentially even take over your computer to make it part of a botnet.

Attacks like these are becoming all too common. Last year, we saw a prime example when hackers gained access to routers from various manufacturers and infected consumers’ devices with malicious advertising (also known as malvertising).

In a more recent attack, hackers entered WordPress sites through their owners’ unsecured home routers. After hacking the router, the attackers successfully guessed the password for the WordPress accounts and took complete control of the sites. As security experts noted, this particular hack was made even worse by the fact that most users have little to no understanding of how to secure their home router.

Beef up your home Wifi network security

Here are a few precautionary steps you can take to help deter cybercriminals from infiltrating your home WiFi network:

  • Change the default username and password on your route. (Remember to update your WiFi password frequently!)
  • Configure your router’s settings to use strong network encryption (WPA2 is preferred).
  • Disable your router’s SSID broadcast so it isn’t visible to others.

 

Do you live in one of the most-hacked states?

 

Additionally, Webroot Chief Information Security Officer (CISO) Gary Hayslip recommends enabling a personal firewall.

“Hackers search the internet by using certain tools to send out pings (calls) to random computers and wait for responses,” he said. “Your firewall, if configured correctly, would prevent your computer from answering these calls. Use your personal firewall. The main point to remember is that firewalls act as protective barriers between computers and the internet, it is recommended you install them on your computers, laptops, tablets, and smart devices if available.”

Learn more about how to keep your WiFi connection secure with our Tips for Improving Router Security.

Cyber News Rundown: Edition 12/15/17

Reading Time: ~2 min.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any questions? Just ask.

NC County Crippled by Ransomware Attack

Recently, a county in North Carolina was the target of a substantial ransomware attack that took many of their official systems offline, and may have affected over a million residents. Nearly 10% of the county’s servers were forced offline with a ransom demand of $23,000. County officials have stated they will not be paying, as there are no guarantees with ransomware, and will work to recover systems as quickly as possible.

Starbucks In-Store Wi-Fi Used to Mine Cryptocurrency

In the past week, a researcher discovered that the Argentinian rewards site for Starbucks was silently running a coin-mining script to generate Monero coins. Even more worrisome: more than 5,000 unique sites have been identified which are also be running some form of CoinHive code to mine cryptocurrency by sapping unsuspecting visitor’s CPU power. Fortunately for fans of free WiFi, Starbucks was quick to contact their internet service provider and resolve the issue.

Brand New HP Laptops Come with a Nasty Surprise

Keylogging software was recently discovered on over 400 models of HP laptops—preinstalled in their keyboard drivers. Even though the keylogger is disabled by default, it wouldn’t be difficult for anyone with access to the device to compromise its security by enabling it to record users’ keystrokes. Luckily for HP users, the company promptly issued a patch that removed the keylogging software from affected devices.

Spider Ransomware Focused on Balkans

Over the last few days, researchers have been monitoring a new ransomware variant called “Spider” as it works its way across the Balkan region of Europe. Surprisingly, this variant gives victims a mere 96 hours to pay the ransom. In addition to the tight deadline, the ransomware makes several attempts to ease the payment process for victims by providing an “educational” video tutorial and giving the user steady reassurance on how simple it is. As with many other ransomware variants, Spider spreads through malicious Microsoft® Office documents that request users to enable macros.

Mirai Botnet Creators Federally Charged in US

The creators of the original Mirai botnet have been federally charged for its initial creation and use as a DDoS-for-hire service. At its peak, Mirai affected over 300,000 individual IoT devices. Apparently, after the major DDoS attack earlier this year against DNS provider Dyn, one of the creators released the source code in the hope that others might use it, thereby obscuring the trail leading back to him.

10 Cybersecurity Predictions for 2018

Reading Time: ~2 min.

It has been a turbulent year of devastating ransomware attacks (e.g. NotPetya) and gut-wrenching breaches (e.g. Equifax). Undoubtedly, the question on everyone’s mind is, “what’s in store for us in the New Year?” Webroot’s top 10 cybersecurity predictions for 2018 covers everything from ransomware and breaches to mobile, cryptocurrency, and government.We’ve grouped our predictions to help you navigate this glimpse into one possible cybersecurity future.

Malware will get smarter and threats more serious.

Malware campaigns will use AI to make secondary infection decisions based on what they’ve learned from previous campaigns. – Gary Hayslip, chief information security officer

We will see the first health-related ransomware targeting devices like pacemakers. – Eric Klonowski, sr. advanced threat research analyst

We haven’t seen the last of breaches.

I predict a minimum of 3 separate breaches of at least 100 million accounts each. I’d be willing to bet the data has already been compromised, but the affected organizations won’t learn of the breach until next year. – Tyler Moffitt, sr. advanced threat research analyst

Not even biometric security will be safe from malicious actors.

We will see the first biometric-access-based exploits using facial recognition or fingerprint access. – Eric Klonowski, sr. advanced threat research analyst

Consumers will want more from governments to keep them safe.

Consumers fighting back: 2018 will see major a major backlash from consumers (perhaps in the form of class action lawsuits), necessitating more regulations around data protection, particularly in the U.S. – David Kennerley, director of threat research

Infosec will become a C-level priority.

The CISO role will be mandatory for all organizations who do business with the Federal Government. – Gary Hayslip, CISO

Being a mobile-first society will come with greater costs.

We will see the first widespread worming mobile phone ransomware, perhaps spread by SMS or MMS. – Eric Klonowski, sr. advanced threat research analyst

Cryptocurrency will continue to rise and impending legislature is inevitable.

Malware distribution will rise and fall in conjunction with Bitcoin value. – Christopher Cain, associate malware removal engineer

GDPR will set a tone, for better or worse, and businesses should prepare on all sides.

Companies who trade with the European Union will suddenly panic over GDPR requirements and just encrypt everything in a knee-jerk response. – Jonathan Giffard, sr. product manager

The boom in the IoT space will bring stricter oversight to device manufacturers.

Data collected from IoT devices will be aggregated and used to develop an even larger, more involved picture of customers’ habits, constituting a major breach of privacy without consent. – Gary Hayslip, CISO

Do you have any cybersecurity predictions for 2018? Share your thoughts with us on Twitter with the tag #CyberIn2018.

Cyber News Rundown: 2017 Year in Review

Reading Time: ~< 1 min.

As 2017 comes to a close, we’re looking back at the 10 most significant (or simply the most devastating) cybersecurity stories of the year. Read through the list below to see which attacks, data breaches, and other events left a lasting impact on both the security industry and the global online community overall.

Which story meant the most to you or your business? Let us know in the comments below!

 

 

 

 

 

 

 

 

 

 

Cyber News Rundown: Edition 12/08/17

Reading Time: ~2 min.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any questions? Just ask.

PayPal Plagued by Phishing Emails

Recently, many PayPal users have received emails about a fake transaction failure that request the user verify their login credentials. While many users were quick to notice the illegitimate sender email address, they also noticed that the email didn’t call them by name or username. Anyone who did follow the verification link would land on a fake site that asks the user to reenter their payment information and security questions.

Satori Botnet Emerges with 280,000 Infected Devices

Closely following worm behavior, the Satori variant of Mirai is able to spread quickly by using exploits to remotely connect to devices with unsecured ports, specifically ports 37215 and 52869. While exact methods are still unclear, Satori appears to be using a zero-day exploit for Huawei routers that received some attention in late November for allowing unauthorized code execution on affected devices. Use of Mirai variants has continued to rise in prevalence following the initial Mirai botnet discovery, which received worldwide attention for being the largest active botnet to date.

Virtual Keyboard App Leaves Data Exposed

With over 40 million users worldwide, you might expect a popular virtual keyboard app company would use strong data protection, rather than hosting the information on a simple server without so much as a password. Although the company secured their server shortly after learning of the vulnerability, 577 gigabytes worth of sensitive user data were available for an unknown period of time. The data included names and email addresses, along with user locations by city. Even worse, any keystrokes entered via the app were recorded and stored; this data was also on the unencrypted server.

Phishing Sites Now Use HTTPS to Appear Legitimate

In the past few years, security measures for websites have gotten significantly stronger, but cybercriminals are managing to close the gap. By implementing HTTPS for phishing sites, scammers can trick victims into divulging their information even more easily. After all, many users have been trained to look for the HTTPS protocol to ensure a website’s security. In a recent sample collected over a 24-hour period, nearly 200 unique phishing pages were found using HTTPS, even though it isn’t necessary for anything beyond user deception.

Apple Root Bug Resurfaces After Update

As a follow-up to last week’s new regarding a bug that allowed anyone with access to the device to gain “root” or administrative privileges, the bug appears to have resurfaced on systems that received the update after the patch was released. In addition to the bug’s return, the security update also managed to break Apple’s file sharing functionality. They have since pushed out yet another update that appears to patch all the recent issues.

How to Outsmart Mobile Threats

Reading Time: ~2 min.

As the holiday season kicks into high gear, keep in mind that shoppers are at an even higher risk of cyberattacks during this time of year. Salesforce projects that mobile users will account for 60 percent of traffic to retail sites around the globe this year. With the increased popularity of shopping on the go, more and more cybercriminals will move to prey on unsuspecting shoppers. Here are a few tips to minimize your chances of falling victim to cybercriminals this holiday season (and all year long). 

Sophisticated attacks on smartphones

The fact is, mobile threats are on the rise. The Webroot 2017 Threat Report revealed a spike in malicious mobile apps, noting that almost half of new and updated mobile apps analyzed over the previous year were classified as malicious or suspicious. That’s nearly 10 million apps, up from a little more than two million such apps in 2015.  

Given the rising frequency of cyberattacks and data breaches year over year, it’s no surprise that we’ve continued to see more sophisticated smartphone attacks. Some of the most common mobile threats users face are mobile web browser-based hacking, adware, remote device hijacking and eavesdropping, and breaches of mobile payment services.  

Why you need a mobile security app 

To avoid becoming a hacker’s next victim, protect your device with a mobile security app. A trusted security app can block infected or malicious apps and file downloads. It can also help protect your identity and personal information if your mobile device is lost or stolen. 

It’s worth pointing out that all mobile security services are not created equal. In October, independent testing firm AV-TEST found that Google’s Play Protect service, which is designed to safeguard Android apps, was found to be “significantly less reliable” than third-party security apps, according to The Next Web. 

 

Don't Get Hacked

 

Outside of a solid mobile security app, Webroot Chief Information Security Officer Gary Hayslip recommends making sure mobile devices are up to date:  

“I recommend getting in the habit of periodically checking for updates and, if any are available, installing them. Updates that are waiting to be installed are accidents waiting to happen; they are doorways that can be exploited to access your devices or steal or encrypt your information. Don’t make it easier for your device to be compromised, keep it updated with the latest patches.” 

Safety measures 

In addition to a mobile security app and frequent updates, you should also be protective of your mobile device’s connections. Follow these two tips to double-down on your mobile safety:  

  1. Turn off your Bluetooth: Bluetooth is a resurgent way for cyber deviants to gain access to your devices and personal information, so be sure to keep your Bluetooth off while out and about doing holiday shopping. 
  2. Data over WiFi: Public WiFi networks are notorious hotbeds for digital attacks. If you have to do your holiday shopping online in public, use your cellular connection instead. If you’d rather not use data, a virtual private network (VPN) is a great way to protect yourself while connected to a public network on your mobile device.  

New Cryptojacking Tactic May Be Stealing Your CPU Power

Reading Time: ~4 min.

What if cybercriminals could generate money from victims without ever delivering malware to their systems? That’s exactly what a new phenomenon called “cryptojacking” entails, and it’s been gaining momentum since CoinHive first debuted the mining JavaScript a few months ago.

The intended purpose: whenever a user visits a site that is running this script, the user’s CPU will mine the cryptocurrency Monero for the site owner. This isn’t money out of thin air, though. Users are still on the hook for CPU usage, the cost of which shows up in their electric bill. While it might not be a noticeable amount on your bill (consumer CPU mining is very inefficient), the cryptocurrency adds up fast for site owners who have a lot of visitors. CoinHive’s website claims this is an ad-free way for website owners to generate enough income to pay for the servers. All altruistic excuses aside, it’s clear threat actors are abusing the tactic at the victims’ expense.

An example of cryptojacking

 

In the image above, we can see that visiting this Portuguese clothing website causes my CPU to spike up to 100%, and the browser process will use as much CPU power as it can. If you’re on a brand new computer and not doing anything beyond browsing the web, a spike like this might not even be noticeable. But if you’re using a slower computer, just navigating the site will become very sluggish.

Cybercriminals using vulnerable websites to host malware isn’t new, but injecting sites with JavaScript to mine Monero is. In case you’re wondering why this script uses Monero instead of Bitcoin, it’s because Monero has the best hash rate on consumer CPUs and has a private blockchain ledger that prevents you from tracking transactions. It’s completely anonymous. Criminals will likely trade their Monero for Bitcoin regularly to make the most of this scam.

CoinHive’s JavaScript can be seen in this website’s HTML:

 

CoinHive maintains that there is no need block their scripts because of “mandatory” opt-ins:

“This miner will only ever run after an explicit opt-in from the user. The miner never starts without this opt-in. We implemented a secure token to enforce this opt-in on our servers. It is not circumventable by any means and we pledge that it will stay this way. The opt-in token is only valid for the current browser session (at max 24 hours) and the current domain. The user will need to opt-in again in the next session or on a different domain. The opt-in notice is hosted on our servers and cannot be changed by website owners. There is no sneaky way to force users into accepting this opt-in.”

For reference, here’s what an opt-in looks like (assuming you ever do see one):

CoinHive Opt-In

Why Webroot blocks cryptojacking sites

Unfortunately, criminals seem to have found methods to suppress or circumvent the opt-in—the compromised sites we’ve evaluated have never prompted us to accept these terms. Since CoinHive receives a 30% cut of all mining profits, they may not be too concerned with how their scripts are being used (or abused). This is very similar to the pay-per-install wrappers we saw a few years ago that were allegedly intended for legitimate use with user consent, but were easily abused by cybercriminals. Meanwhile, the authors who originated the wrapper code made money according to the number of installs, so the nature of usage—benign or malicious—wasn’t too important to them.

To protect our users from being exploited without their consent, we at Webroot have chosen to block websites that run these scripts. Webroot will also block pages that use scripts from any CoinHive copycats, such as the nearly identical Crypto-Loot service.

There are a few other ways to block these sites. You can use browser extensions like Adblock Plus and add your own filters (see the complete walkthrough here.) If you’re looking for more advanced control, extensions like uMatrix will allow you to pick and choose which scripts, iframes, and ads you want to block.

 

Update 12/13/17:

CoinHive scripts running rampant

If there was ever any doubt around the severity of this emerging threat and the overall nefarious use of CoinHive’s scripts, it can be put to rest. CoinHive engineers have now essentially admitted that they’ve “invented a whole new breed of malware,” according to a report in the German newspaper Süddeutsche Zeitung.

With the continued price surges in Monero, and the cryptocurrecy market as a whole, it seems cryptojacking becomes a more lucrative opportunity for cybercriminals with each passing day. And recent revelations have shown even more surreptitious methods being used by cryptojacking sites to evade user detection. One website was seen hiding a popup window underneath the Window’s task bar in order to continue mining after users believe they have closed their web browser, according to Bleeping Computer.

CoinHive’s cryptojacking script was even spotted on public WiFi at a Starbucks in Buenos Aires, according to BBC News.

Cyber News Rundown: Edition 12/01/17

Reading Time: ~2 min.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any questions? Just ask.

US Military Files Found on Publicly Available Server

In the past week, researchers have discovered several publicly available Amazon S3 servers belonging to the US Army and the NSA. Of the numerous sensitive files that were exposed, one was a virtual machine that contained thousands of files, many of which were labeled “Top Secret”, though these were inaccessible without the aid of other internal resources. Along with the virtual machine, researchers also discovered a portion of an outdated cloud computing service used to access the aggregate information on an Army intelligence network, though the program has been out of use since 2014.

Latest MacOS Leaves Root Access Exposed

With the latest iteration of MacOS, dubbed High Sierra, comes an unusual problem: it allows anyone with local access to a machine to log in as a “root” user (which has powerful system permissions) without entering a password. Fortunately for many users, simply adding a root password was a quick method to solve the security issue, though Apple promptly released a patch which provided the fix.

Healthcare Industry Takes Firmer Stance on Security

A new report revealed that most healthcare domains do little to protect their email users, as a staggering 57% of all emails that come from the healthcare industry have been found to be fraudulent. In addition, at least 92% of all healthcare domains have been victims of phishing or scam emails within the past 6 months. Hopefully, with the implementation of stricter security measures, customers can begin to have more trust in the emails they receive from healthcare providers.

Facebook Flaw Allows Polls to Delete Other Users’ Data

Recently, a researcher found a flaw in Facebook’s polling feature that would have allowed him to connect this poll with any other user’s images and subsequently delete the images when he deleted the poll. By finding a workaround to user authentication, he could attach the image ID of any picture that was posted to the site to a Facebook poll he created. Luckily, the researcher quickly contacted Facebook, who have since fixed the flaw and paid a tidy bounty for the find.

Uber Waits Entire Year to Reveal Data Breach

Last week, Uber announced they suffered a data breach in late 2016 that could affect 2.7 million users in the UK. Reportedly, Uber knew of the breach and paid the hackers $100,000 to delete the stolen data and keep quiet. While the breach appears to only contain names, email addresses, and phone numbers, the National Cyber Security Centre (NCSC) encourages all Uber users to change their login credentials immediately, as the full extent of the breach remains unclear. This breach and its handling are yet another strike against the ride-sharing service, after a long year of controversies that have majorly affected their business.

Why You Should Use a VPN on Public WiFi

Reading Time: ~2 min.

Working remotely? It only takes a moment on a free WiFi connection for a hacker to access your personal accounts. While complimentary WiFi is convenient, protecting your connection with a VPN is the best way stay safe on public networks, keeping your data and browsing history secure.  

What is a VPN?

VPN stands for “virtual private network” and is a technology that can be used to add privacy and security while online. It’s specifically recommended when using public WiFi which is often less secure and is often no password protected.  

VPN’s act as a bulletproof vest for your internet connection. In addition to encrypting the data exchanged through that connection, they help safeguard your data and can enable private and anonymous web browsing. However, even if you’re using a VPN, you must still be careful about clicking on suspicious links and downloading files that may infect your computer with a virus. Protecting yourself with antivirus software is still necessary.

 

Five ways free antivirus could cost you

When and why should you use a VPN?

When checking into your hotel, connecting to the WiFi is often one of the first things you do once settling in. While it may sound like a tempting offer, logging in to an unsecured connection without a VPN is a very bad idea. In July, ZDNet reported the return of hacker group DarkHotel which aims to target hotel guest’s computers after they have logged on to the building’s WiFi. Once compromising a guest’s WiFi, the hacker group can then leverage a series of phishing and social engineering techniques to infect targeted computers. 

Traveling and lodging is just one example of when you can use a VPN to help stay secure and avoid potential attacks, however anyone can benefit from using a VPN.  

From checking Facebook on an airport hotspot, accessing your company files while working remotely or using an open network at your local coffee shop, regardless of the scenario, using a public WiFi can potentially put the data you’re sending over the internet at risk.

Cyber News Rundown: Edition 11/16/17

Reading Time: ~2 min.

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Brothers Printers Vulnerable to Major Exploit

Researchers have discovered an exploit in several Brothers printer models that would allow attackers to issue a continuing DDoS attack against the printer, rendering it unusable. By sending a fraudulent HTTP request to the device, the attackers could then use the printer against itself by forcing a cycle of printer errors, followed swiftly by another phony HTTP request. Although this exploit only affects printer models with a web interface, its discovery sheds light on much more basic security flaws, such as not changing the default password or allowing unrestricted remote access.

Password Hackers Have Reached New Heights

As cybercriminals and their tools get more and more advanced, it’s no surprise that the use of traditional passwords may have finally met its end. Password cracking software has gone from taking years to days to hours to complete, so human-created passwords may now leave many institutions less secure than they could be, and have contributed to numerous data breaches in the last few years.

Ride-Hailing Service Leaves Servers Unsecured

In the least week or so, a server belonging to Fasten, a Boston-based ride-hailing service, was found to be publicly accessible for at least 48 hours; the timeframe may have been longer. The server in question contained personal data for both passengers and drivers, along with data about customer devices and the vehicles used. Fortunately for many users, the company worked quickly to secure the server and improve their data security policies.

Pro-ISIS Hacking Group Targets U.S. School Websites

Recently, the primary websites for at least 800 schools across the U.S. were hacked by a Pro-ISIS group to redirect site visitors to an Arabic YouTube propaganda video. The hacked sites were all linked through an academic website building service called SchoolDesk. SchoolDesk claims no personal information was exposed during the breach, though this news is difficult to confirm. This attack isn’t the worst one perpetrated by the hacking group, but it is the most recent, and the hackers have stated each of their victims has had limited security protocols.

IcedID Banking Trojan Spreads to US

Over the last several days, researchers have been tracking a new banking Trojan that has swiftly spread across the US. IcedID employs both redirection attacks and browser injection, which is fairly unusual. Previously, these tactics have only been combined by Dridex, a highly advanced banking Trojan. By using the botnet built by the Emotet Trojan, IcedID can deploy onto previously infected systems, causing even more damage.

Page 5 of 92« First...34567...Last »