Petronella Cybersecurity News

The Federal Bureau of Investigation (FBI) released a warning to U.S. businesses and organizations Wednesday regarding high-impact threats across the country.  Numerous cyberattacks have been documented recently involving ransomware.  Despite the ever-evolving attack strategies, the FBI highlights three main attack techniques that are being used by criminals to avoid detection and infiltrate businesses and organizations: […]

According to Danny Adamitis and Elizabeth Wharton from Prevailion, spear phishing emails have been targeting the U.S. utilizing an obscure file format to beat antiviral software.  They call this campaign “Autumn Aperture”.  Attackers are sending word documents to recipients with content specialized to the victim’s recent activities.  This level of specialization results in a significantly […]

Not one but THREE hospitals in the DCH Health System in Alabama are unable to accept new patients today due to ransomware: DCH Regional Medical Center in Tuscaloosa, Northport Medical Center in Northport, and Fayette Medical Center.  Cybercriminals have demanded an undisclosed amount of money for the unlock code. “A criminal is limiting our ability […]

A security researcher who goes by the Twitter handle “axi0mX” announced on Friday that there is a permanent Bootrom vulnerability “checkm8” in Apple iOS.  The flaw enables bypassing the security protections present in most Apple mobile devices.  Downside: cannot be patched.  Upside: physical access is needed  to exploit it and a system restart erases any […]

Airbus, a European aerospace company, had found itself the victim of several possible Chinese hacker attacks searching for proprietary data and insider secrets. According to sources, AFP spoke to seven security and industry sources, all of whom confirmed a spate of attacks in the past 12 months but asked for anonymity because of the sensitive nature […]

“Advance fee” or “419” scams have been around for years.  The scam works via an attempt to contact the victim so they can be gifted an exuberant amount of funds left unclaimed by a deceased individual who has the same last name as the victim or is their long-lost relative.  Or in the case of […]

The Justice Department is suing Edward Snowden and his publisher MacMillan and Holtzbrinck. Snowden, a former contractor for the CIA and NSA government agencies, released his book Permanent Record today.  The Justice Department says that Snowden failed to “clear” the book with them, and they are now attempting to recover “all proceeds earned by Snowden […]

Microsoft issued security updates yesterday to plug roughly 80 security issues holes in its Windows operating systems and software. Over 25% of those updates are critical.  This is the fourth time this year that Microsoft has had to fix bugs in its Remote Desktop Feature. Two of the bugs resolved in this month’s patch batch […]

A server without password protection gave anyone access to more than 419 million Facebook users’ private information globally.   Each accessible record contained a user’s Facebook ID, phone number, and location.  Some even had the user’s name. This latest in a long string of incidents for Facebook exposed millions of users to significant risk to spam […]

Justin Schuh, Google Chrome’s security lead and Engineering Director, has issued a warning that all Chrome users need to run an update NOW.  Google Threat Analysis Group has identified a zero-day vulnerability that is actively being exploited: CVE-2019-5786. Although information remains limited on CVE-2019-5786, it is suspected to be a UAF vulnerability in FileReader.  The […]

  Google researchers released a report earlier today that warns your iPhone can be hacked just by visiting one innocent-looking website. A previous iPhone hacking campaign discovered by Google’s ProjectZero had identified at least five unique iPhone exploit chains that were capable of remotely jailbreaking an iPhone and loading spyware on it. Those exploit chains were […]

ProPublica says cyber-insurance companies are making the push to pay ransom demands because it saves them money in the long run.  A $500,000 payout makes better financial sense than  a recovery campaign that could cost millions.  The recent even in Lake City, Florida is a good example.  Ransomware attacks were covered under the city’s cyber-insurance […]

  According to researchers from Accenture’s iDefense team, this newer version is ready for wide-scale attacks, with increased ability to kill a number of security products, and a main payload run directly from memory. “The password requirement…prevented the malware from being widely distributed worldwide and required the attackers to install the ransomware mostly through a […]

Cybersecurity company Glasswall’s August 2019 Threat Intelligence Bulletin stated that the technology sector accounts for nearly half of phishing campaigns.  Software developers appear to be the most common target.  Hackers are often looking to steal intellectual property or copy products. A key reason they target developers is the administrator privileges across multiple systems that are […]

KrebsOnSecurity has reported that a ransomware outbreak that compromised QuickBooks cloud hosting firm iNSYNQ in mid-July started with a phishing attack. A sales employee for iNSYNQ apparently fell victim to the hacker tactic, and hackers were free to romp around the iNSYNQ internal network for almost ten days. They then unleashed their ransomware. iNSYNQ chief executive Elliot Luchansky briefed […]

Despite Valve determining that a flaw submitted by their bug bounty program HackerOne was “Not Applicable”, two independent researchers confirmed a zero-day privilege escalation vulnerability in the popular Steam game client for Windows.  The vulnerability allowed an attacker with limited permissions to run a program as an administrator. This posed a significant threat to Steam […]

Muhammad Fahd, a 34-year-old Pakistani national arrested by the United States Federal Government back in February has now been charged with bribing employees at AT&T call center in Bothell, Washington, and was extradited to the U.S. on Friday. For over five years Fahd unlocked more than 2 million phones and planted malware on the telecommunication […]

Security researchers from Tencent’s Blade team discovered a series of Android vulnerabilities collectively known as QualPwn in February and March this year.  The vulnerabilities lie in the WLAN and modem firmware of Qualcomm chipsets.  Hundreds of millions of Android devices are at risk of complete take over. “One of the vulnerabilities allows attackers to compromise […]

ESET researchers have discovered a new Android ransomware strain called Android/Filecoder.C.  The strain was distributed on adult content-related topics in Reddit and in the “XDA developers” forum under the guise of a “sex simulator” app.  Clicking the link downloads the ransomware.  It then uses the victims contact list to further distribute the infected link via […]

According to a study by Ocean Tomo, intangible assets have emerged as the leading determinant of a company’s value.  From 1975 to 2025, the value of tangible assets dropped from 83% down to 16% while the intangibles went from 17% to 84%.   A company’s value derives from its tangible and intangible assets. Intangible assets include […]