Latest News – 2

Latest News

Android Security Threat As ‘Unremovable’ Malware Infects 45,000 Phones So Far

It is not unusual for Android smartphone users to be the target of malware, which is hardly surprising given that there are more than 2.5 billion active Android devices out there. Cybercriminals will always follow the money, and more users mean more opportunity to infect.

Ransomware incident to cost Danish company a whopping $95 million

Demant, one of the world's largest manufacturers of hearing aids, expects to incur losses of up to $95 million following what appears to be a ransomware infection that hit the company at the start of the month.

Ransomware Attacks Rise 37% in Q3, Targeting IT Vendors, Their Clients: Beazley

Ransomware attacks increased by 37% during the third quarter of 2019, compared to Q2, as cyber criminals target both IT vendors and their clients, according to data compiled by insurer Beazley.

One-quarter (24%) of all ransomware incidents reported to Beazley Breach Response (BBR) Services – Beazley’s in-house breach response team – during Q3 were caused by an attack on an IT vendor or managed service provider (MSP).

Bed Bath & Beyond discloses breach

Late Tuesday, the company said email and password information were acquired by an outside source and that less than 1 percent of online customer accounts were compromised. Additionally, no online customers' payment cards were impacted and notifications have been to select customers. The date of the breach was not disclosed.

Because of the breach the company has hired what it described as "a leading security forensics firm and has implemented remedial measures."

California Provider to Close After Ransomware Attack Damages System

Wood Ranch Medical reported ransomware recently encrypted its systems and backups, which the provider was unable to recover; Campbell County continues its recovery and another ransomware incident complete this week’s breach roundup.

One cyber attack can cost major APAC ports $110B

In an "extreme" scenario, a single software virus infecting 15 ports across five Asian markets including Singapore, Japan, and China, can result in losses totalling $110 billion, estimates a new study, which notes 92% of such costs remain uninsured.

ATTK of the Pwns: Trend Micro's antivirus tools 'will run malware – if its filename is cmd.exe'

Video A flaw in the Trend Micro Anti-Threat Toolkit can be exploited by hackers to run malware on victims' Windows computers.

Bug-hunter John "hyp3rlinx" Page took credit for uncovering CVE-2019-9491, an arbitrary code execution flaw in the security tool.

Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices

A team of cybersecurity researchers today disclosed details of two new potentially serious CPU vulnerabilities that could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based Intel TPMs.

Trusted Platform Module (TPM) is a specialized hardware or firmware-based security solution that has been designed to store and protect sensitive information from attackers even when your operating system gets compromised.

Microsoft Windows Warning As 4,700 Machines Compromised Every Day

It is now more than two years since the world was introduced to EternalBlue, Microsoft Windows exploit thought to have been developed by the National Security Agency (NSA) and subsequently leaked. That initial introduction was by way of the WannaCry ransomware attack that spread rapidly across the globe. Unfortunately, it would appear that EternalBlue exploiting malware is still alive today and kicking hard.

Backups The Latest Malware Target

A spate of ransomware attacks on healthcare companies this past week, both in the USA and in Australia, highlights the need for robust data protection once again.

Ransomware forces 3 hospitals to turn away all but the most critical patients

Ten hospitals—three in Alabama and seven in Australia—have been hit with paralyzing ransomware attacks that are affecting their ability to take new patients, it was widely reported on Tuesday.

Officials say at least 20 Texas government entities targeted in cyber attack

At least 20 local government entities across Texas were hit by a ransomware attack, authorities announced Friday.

The Texas Department of Information Resources (DIR) said in a statement that officials from state agencies were responding to the cyber attack, but did not release the identities of affected agencies.

Eye Care Associates Hit by Ransomware Attack - Business Journal Daily

BEAVER TOWNSHIP, Ohio – Eye Care Associates Inc., the largest ophthalmology and optometry practice in the region, was the victim of a ransomware attack two weeks ago that locked – and still locks – its computer systems.

As of this posting, the computer system is still down, although operations should be fully restored in “the next day or two,” Mary Jo Sierra, director of operators, said Tuesday.

Aberdeen hospital's computers struck by ransomware hack attack

ABERDEEN, Wash. - A ransomware attack by hackers has scrambled data on computer systems at Grays Harbor Community Hospital in Aberdeen, including patient health information, officials said Wednesday.

Symantec cannot handle SHA-2 and breaks Windows 7 and Server 2008 R2

If only Symantec had any sort of forewarning about Microsoft moving to use SHA-2 signed updates, everything might have gone smoother.

It seems that six months is not enough for Symantec to get its ducks in a row, as its anti-virus software is unable to handle SHA-2 signatures, and led to Microsoft withholding updates from certain devices.

MegaCortex ransomware slams enterprise firms with $5.8 million blackmail demands

A new variant of MegaCortex ransomware is making its way across Europe and the United States, leaving blackmail demands worth millions in its wake.

Accenture iDefense researchers described campaigns making use of MegaCortex v.2 in a blog post on Monday. According to Leo Fernandes, Senior Manager of the Malware Analysis and Countermeasures (MAC) team, the operators behind the ransomware are focusing on corporate targets -- and are in it to hit the criminal jackpot.

'Destructive' malware attacks have surged 200% in past year, experts say

Aug. 7 (UPI) -- As several U.S. cities grapple with recent ransomware cyberattacks, a new report says malware events featuring destructive elements that can wipe away or hijack data have doubled in the past year.

IBM's X-Force Incident Response and Intelligence Services team released the report Monday, which outlines a 200 percent increase in the number of destructive attacks it's responded to since the second half of 2018.

A City Paid a Hefty Ransom to Hackers. But Its Pains Are Far From Over.

LAKE CITY, Fla. — Audrey Sikes, city clerk of Lake City, Fla., has a thing for documents: She does not like losing them.

It falls to Ms. Sikes, as official custodian of records for this city of 12,000 people about an hour west of Jacksonville, to maintain Lake City’s archives. She keeps a log of public record requests and has spreadsheets that track things like property deeds and building permits. She spent years digitizing all the papers of a city that incorporated before the Civil War.

Warning As New Malware Bypasses Network Security Measures To Enable Attacks On PCs

Another dire warning for Windows users this week, after threat researchers at Proofpoint disclosed "a previously undocumented malware." This one had a twist, though, this malware was not an attack in itself, it was an enabler, hiding on infected computers, establishing a proxy that other malware can then use to manage traffic to the PC and carry out their threats.

Malware and botnets: Why Emotet is dominating the malicious threat landscape in 2019

The banking trojan turned botnet accounts for almost two-thirds of all malware payloads delivered by email - with malicious URLs favoured far more than weaponised attachments.

Customers of 3 MSPs Hit in Ransomware Attacks

Early information suggests threat actors gained access to remote monitoring and management tools from Webroot and Kaseya to distribute malware.

Florida city pays $600,000 to hackers who seized its computer system

Fort Lauderdale Fla. — A Florida city agreed to pay $600,000 in ransom to hackers who took over its computer system, the latest in thousands of attacks worldwide aimed at extorting money from governments and businesses.

5 More Healthcare Providers Fall Victim to Ransomware Attacks

Last week, Colorado-based NEO Urology paid a $75,000 ransom to unlock its systems; since then, another five providers reported ransomware attacks that drove many to pen and paper.

Chinese Spy Group Mixes Up Its Malware Arsenal with Brand-New Loaders

The Chinese-language cyber-espionage group known as APT10 has apparently added to its malware bag of tricks, with two never-before-seen malware loader variants used in April campaigns against government and private organizations in Southeast Asia.

Ransomware Cloaked by Anti-Virus Software, Tax Software Firm Fights Malware

Catching up on some recent possibly overlooked cybersecurity stories: new Dharma ransomware infecting victims by cloaking itself with anti-virus software; and a malware attack against Dutch accounting software giant Wolters Kluwer.

Ransomware halts production for days at major airplane parts manufacturer

ASCO, one of the world's largest suppliers of airplane parts, has ceased production in factories across four countries due to a ransomware infection reported at its plant in Zaventem, Belgium.

CYAX MALWARE - EVASIVE LOADER REEMERGES

Towards the end of 2018, enSilo blocked a suspicious attack attempt originating from a generic PowerShell script. While investigating the attack our team discovered an interesting loader malware that delivers different payloads. During the time of writing this post, commercial Anti-Viruses (AVs) did not identify this script as hostile.

Researchers hide malware in benign apps with the help of speculative execution

A team of academics from the University of Colorado Boulder (UCB) has found a way to hide malware operations by leveraging the process of "speculative execution," the same CPU feature where the Meltdown and Spectre vulnerabilities were discovered last year.

RUSSIAN HACKERS GO FROM FOOTHOLD TO FULL-ON BREACH IN 19 MINUTES

IN THE HAND-WRINGING post mortem after a hacker breach, the first point of intrusion usually takes the focus: the phishing email that Clinton campaign manager John Podesta's aide accidentally flagged as legit, or the Apache Struts vulnerability that let hackers get access to an Equifax server. But Dmitri Alperovitch, chief technology officer of security firm CrowdStrike...

Newly Patched WinRAR Vulnerability Existed for 19 Years

The year 2000 was historic for a few reasons beyond the obvious emotional resonance of rolling over all the digits. There was a contested US presidential election, Y2K turned out to be overblown, and it was the first year those New Year’s glasses with the eye holes in the zeros made sense. It was also the year WinRAR introduced a serious vulnerability into its Windows application. That bug was just discovered after 19 years by researchers at Check Point Software. Oops.

Microsoft Issues Windows Server HTTP/2 Attack Advisory

Microsoft issued Security Advisory ADV190005 on Wednesday concerning a potential HTTP/2 settings issue for users of Internet Information Services (IIS) on Windows Server.

B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers

A new ransomware called B0r0nt0K is encrypting victim's web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows.

Toyota Australia hit by cyberattack; No customer data compromised

Toyota Australia, a subsidiary of Toyota Motor Corporation disclosed on February 21, 2019, that it has suffered a cyber attack. However, the motor company confirmed that no private data of employees or customers were compromised in the attack.

Melbourne hospital’s ransomware strike a reminder on malware's danger to your (data) health

Doctors, patients locked out after ransomware hits the heart of Cabrini Health’s specialist cardiac operations...

ConnectWise plugin flaw exploited in ransomware attacks on MSPs

GandCrab ransomware infected several managed service providers, thanks to an old a ConnectWise manage plugin vulnerability, but a new decryptor tool is offering relief to victims.

Cybersecurity helps manufacturers create more secure, resilient networks

If you know anyone who has a current state-of-the-art pacemaker, most likely it can be programmed via a Windows-based computer at the doctor’s office. Most pacemakers use near-field communications...

Porter Health Care System patients could get up to $5K from cyberattack settlement

Porter Health Care System patients whose personal information was stolen in a 2014 cyberattack are eligible for up to $5,000 under a settlement agreement...

Klaussner experiences cyber attack

ASHEBORO — Officials at Klaussner Home Furnishings have confirmed that the company, one of Randolph County’s largest employers, has been the victim of a cyber attack....

Ransomware Attack Via MSP Locks Customers Out of Systems

An attacker this week simultaneously encrypted endpoint systems and servers belonging to all customers of a US-based managed service provider by exploiting a vulnerable plugin for a remote monitoring and management tool used by the MSP...

New Astaroth Trojan Variant Exploits Anti-Malware Software to Steal Info

A new Astaroth Trojan campaign targeting Brazil and European countries is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and load malicious modules.

Cover your NASes: QNAP acknowledges mystery malware but there's no patch yet

Taiwanese NAS maker QNAP has admitted its devices are affected by mysterious malware that alters hosts files on infected boxen followingThe Register's report.

Cyber Attack Costs Can Cripple Small and Medium Sized Businesses

Think your company “can’t afford” cyber security? How much will a cyber attack cost?

Cost is arguably the biggest impediment to robust, proactive cyber security at small and medium sized businesses...

Israeli cyberexpert detects China hack in Ottawa, warns against using Huawei 5G

OTTAWA — A Chinese telecommunication company secretly diverted Canadian internet traffic to China, particularly from Rogers subscribers in the Ottawa area, says an Israeli cybersecurity specialist.

Sammamish cancels all city credit cards as FBI investigates ransomware attack

The King County Sheriff’s Office said the FBI is now investigating a ransomware attack on the City of Sammamish that was first announced Wednesday.

On Thursday, Sammamish said it planned to cancel all city credit cards as a precautionary measure but couldn’t yet say if the personal information of residents, employees or those who do business with the city had been compromised in the cyberattack.

Possible ransomware attack disturbs Altran Technologies’ European operations

French engineering research and consulting firm Altran Technologies disclosed this week that a Jan. 24 cyberattack impacted its operations in certain European countries.

In response to the incident, the company immediately shut down its IT network and all applications,” the company said in a press release issued on Monday.

Ransomware warning: A global attack could cause $200bn in damage - and we're just not ready

WannaCry and NotPetya just scratched the surface of the damage ransomware could do. This gloomy scenario looks at what could really go wrong.

A worldwide cyberattack could cost global economic losses of almost $200bn as organisations across sectors are still unprepared to face the consequences of a malicious global cyber campaign.

Fileless Malware: What Mitigation Strategies Are Effective?

Organizations need a separate mitigation plan for fileless malware because the threat it poses is so different than that posed by other malware, security experts say.

Key risk mitigation steps include: creating fail-safe operations; updating, monitoring and locking down Microsoft's PowerShell scripting language as well as enabling security features; minimizing administrative privileges; and implementing behavioral analytics.

Ransomware attack on Akron, Ohio takes down 311 service amid major snowstorm

Officials are investigating a ransomware attack that caused Akron, Ohio, to take down several city services, including its 311 public-information hotline and credit-card payments at numerous municipal agencies.

Hackers impersonate these 10 brands the most in phishing attacks

Though IT professionals frequently prioritize patching software vulnerabilities, end users are often the weakest link in the security chain. Social engineering attacks—typically in the form of phishing—continue to be a popular mode of attack for cybercriminals, especially for those targeting individual users rather than large corporations. Email security firm Vade Secure published on Wednesday their list of the most-impersonated brands in the Q4 2018 Phishers' Favorites report.

Dharma Gang Pushes Phobos Crypto-Locking Ransomware

New strains of ransomware are being distributed by attackers who gain remote access to organizations' networks, as well as via sites that share cracked versions of commercial software.

3 Compelling Reasons To Invest In Cyber Security - Part 3

In Part 1, I discussed assessing and prioritising your organisation's risks as well as commencing a risk assessment.  Part 2 involved the importance of assessing your organisation's supply chain and including such details within the overall risk assessment.

Microsoft finally reissues problem-plagued update - but should you get it?

The big Windows 10 October 2018 Update was supposed to bring few updated features like improved Storage Sense, a Your Photos desktop pin, an updated Emoji panel, more Fluent Design user interface improvements, multitasking Sets and improved game modes...

Researchers identify malware that can dismantle cloud security protections

A team of researchers have identified a new kind of malware that they say can remove cloud security products.

Researchers from Palo Alto Networks’ Unit 42 said in a report released Thursday that the malware samples they obtained, which are used by a hacking group known as “Rocke,” showed that they could remove security products from compromised Linux cloud servers.

LoJax Malware Continues to Operate 8 Months After Discovery

The conventional wisdom with malware is that you can kill it once and for all by wiping a system and starting from scratch. However, a particularly clever piece of surveillance software tied to the Russian government appears much more resistant. Even replacing drives won’t kill LoJax, which appears to still be operating more than eight months after researchers from Arbor Networks detailed the malware.

Ransomware Attack Closes Down Texas Town

The City of Del Rio was forced to return to pen and paper when a ransomeware attack rendered City Hall useless.

Officials in the City of Del Rio, Texas were forced to abandon electronic services after a ransomeware attack effectively closed down City Hall servers.

Addressing The Elephant in the Room: Cybersecurity’s Increasing Talent Shortage

The cybersecurity space is in dire straits. Hackers are getting smarter and more sophisticated…and the availability of skilled men and women to combat them has never been lower. It’s an issue that’s been slowly growing worse year over year, yet there’s no clear solution in sight. What’s a business leader to do?