Encryption Breaking Malware “Reductor” Threatens Windows Users

Researchers at Kaspersky have uncovered a new highly sophisticated, high impact malware threat that breaks encryption:  Reductor.  According to the researchers, the malware “compromises encrypted web communications in an impressive way” and gives the threat actors behind it “capabilities that few other actors in the world have.” Reductor compromises the encrypted HTTPS communication, which enables the attacker to see all …

FBI Releases Malware Threat Warning

The Federal Bureau of Investigation (FBI) released a warning to U.S. businesses and organizations Wednesday regarding high-impact threats across the country.  Numerous cyberattacks have been documented recently involving ransomware.  Despite the ever-evolving attack strategies, the FBI highlights three main attack techniques that are being used by criminals to avoid detection and infiltrate businesses and organizations:  email phishing campaigns, remote desktop …

Autumn Aperture: Don’t Enable Macros

According to Danny Adamitis and Elizabeth Wharton from Prevailion, spear phishing emails have been targeting the U.S. utilizing an obscure file format to beat antiviral software.  They call this campaign “Autumn Aperture”.  Attackers are sending word documents to recipients with content specialized to the victim’s recent activities.  This level of specialization results in a significantly high success rate.  Before the …

Malware Attack Closes Alabama Hospitals

Not one but THREE hospitals in the DCH Health System in Alabama are unable to accept new patients today due to ransomware: DCH Regional Medical Center in Tuscaloosa, Northport Medical Center in Northport, and Fayette Medical Center.  Cybercriminals have demanded an undisclosed amount of money for the unlock code. “A criminal is limiting our ability to use our computer systems …

‘Checkm8’: A Permanent Bootrom Vulnerability

A security researcher who goes by the Twitter handle “axi0mX” announced on Friday that there is a permanent Bootrom vulnerability “checkm8” in Apple iOS.  The flaw enables bypassing the security protections present in most Apple mobile devices.  Downside: cannot be patched.  Upside: physical access is needed  to exploit it and a system restart erases any backdoor access. If run successfully, …

Airbus Victim of Multiple Attacks

Airbus, a European aerospace company, had found itself the victim of several possible Chinese hacker attacks searching for proprietary data and insider secrets. According to sources, AFP spoke to seven security and industry sources, all of whom confirmed a spate of attacks in the past 12 months but asked for anonymity because of the sensitive nature of the information they were …

NOT Your Prince Charming: Old Scam Makes Updated Revival

“Advance fee” or “419” scams have been around for years.  The scam works via an attempt to contact the victim so they can be gifted an exuberant amount of funds left unclaimed by a deceased individual who has the same last name as the victim or is their long-lost relative.  Or in the case of our prince, begging assistance from …

Snowden & Publisher Sued for Book Proceeds

The Justice Department is suing Edward Snowden and his publisher MacMillan and Holtzbrinck. Snowden, a former contractor for the CIA and NSA government agencies, released his book Permanent Record today.  The Justice Department says that Snowden failed to “clear” the book with them, and they are now attempting to recover “all proceeds earned by Snowden because of his failure to …

Microsoft Security Patch Released 9/10/19

Microsoft issued security updates yesterday to plug roughly 80 security issues holes in its Windows operating systems and software. Over 25% of those updates are critical.  This is the fourth time this year that Microsoft has had to fix bugs in its Remote Desktop Feature. Two of the bugs resolved in this month’s patch batch (CVE-2019-1214 and CVE-2019-1215) involve vulnerabilities …

Over 400 Million Facebook Users’ Phone Numbers Found Online

A server without password protection gave anyone access to more than 419 million Facebook users’ private information globally.   Each accessible record contained a user’s Facebook ID, phone number, and location.  Some even had the user’s name. This latest in a long string of incidents for Facebook exposed millions of users to significant risk to spam calls and SIM-swapping schemes, even …

Chrome Security Fix

Justin Schuh, Google Chrome’s security lead and Engineering Director, has issued a warning that all Chrome users need to run an update NOW.  Google Threat Analysis Group has identified a zero-day vulnerability that is actively being exploited: CVE-2019-5786. Although information remains limited on CVE-2019-5786, it is suspected to be a UAF vulnerability in FileReader.  The potential exists for an attacker …

Google Researchers Warn iPhone Users to Keep Security Up

  Google researchers released a report earlier today that warns your iPhone can be hacked just by visiting one innocent-looking website. A previous iPhone hacking campaign discovered by Google’s ProjectZero had identified at least five unique iPhone exploit chains that were capable of remotely jailbreaking an iPhone and loading spyware on it. Those exploit chains were found to utilize a total …

Managed Services Raleigh is like IT insurance

Cyber-Insurance Companies: Are They Fueling Ransomware Frequency Spikes?

ProPublica says cyber-insurance companies are making the push to pay ransom demands because it saves them money in the long run.  A $500,000 payout makes better financial sense than  a recovery campaign that could cost millions.  The recent even in Lake City, Florida is a good example.  Ransomware attacks were covered under the city’s cyber-insurance policy.  The city paid the …

Surge in Ransoms Expected Due to MegaCortex 2.0

  According to researchers from Accenture’s iDefense team, this newer version is ready for wide-scale attacks, with increased ability to kill a number of security products, and a main payload run directly from memory. “The password requirement…prevented the malware from being widely distributed worldwide and required the attackers to install the ransomware mostly through a sequence of manual steps on …

Threat Intelligence Bulletin Warns Software Developers are High Targets

Cybersecurity company Glasswall’s August 2019 Threat Intelligence Bulletin stated that the technology sector accounts for nearly half of phishing campaigns.  Software developers appear to be the most common target.  Hackers are often looking to steal intellectual property or copy products. A key reason they target developers is the administrator privileges across multiple systems that are a usual part of software …

iNSYNQ Ransom Attack Possibly Caused by Phishing

KrebsOnSecurity has reported that a ransomware outbreak that compromised QuickBooks cloud hosting firm iNSYNQ in mid-July started with a phishing attack. A sales employee for iNSYNQ apparently fell victim to the hacker tactic, and hackers were free to romp around the iNSYNQ internal network for almost ten days. They then unleashed their ransomware. iNSYNQ chief executive Elliot Luchansky briefed customers on the cause, current …

Steam Zero-Day Vulnerability Discovered and Fixed

Despite Valve determining that a flaw submitted by their bug bounty program HackerOne was “Not Applicable”, two independent researchers confirmed a zero-day privilege escalation vulnerability in the popular Steam game client for Windows.  The vulnerability allowed an attacker with limited permissions to run a program as an administrator. This posed a significant threat to Steam users—over 100 million of them. …

Pakistani National Faces 20 Year Sentence for AT&T Unlock Scheme

Muhammad Fahd, a 34-year-old Pakistani national arrested by the United States Federal Government back in February has now been charged with bribing employees at AT&T call center in Bothell, Washington, and was extradited to the U.S. on Friday. For over five years Fahd unlocked more than 2 million phones and planted malware on the telecommunication company’s network. According to an …