More WordPress Security Issues – Malware Hiding in Popular Plugins

There is more bad news for WordPress website owners and developers.  WordFence has found more instances of popular plug-ins being modified to contain malicious software.  The three most recent discoveries are:

WordFence had reported earlier about another 9 ...

Continue Reading →
0

Security Issue With CCleaner

Piriform’s CCleaner is a popular computer cleaning and optimizing product that many people use.  I have my doubts about the real effectiveness of these utilities, but many of my clients swear by it.  I have used CCleaner myself several times as one of the tools I used to clean up a malware infection.

Recently, the CCleaner software code was modified  to include a malicious backdoor.  This warning was published earlier in one ...

Continue Reading →
0

BlueBorne Bluetooth Hijacker – What Do We Know?

Cybersecurity researchers at Armis Labs have released information about a new attack vector called BlueBorne.  This exploit has the potential to put millions of devices running Windows, Linux, Android or iOS operating systems at risk.

This exploit allows attackers to connect over the Bluetooth radio system with having to first pair the two Bluetooth enabled devices.  Once installed, the attacker has full control of ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


US-CERT: Alert (TA17-181A) Petya Ransomware

Systems Affected

Microsoft Windows operating systems

Overview

This Alert has been updated to reflect the National Cybersecurity and Communications Integration Center’s (NCCIC) analysis of the “NotPetya” malware variant.

The scope of this Alert’s analysis is limited to the newest Petya malware variant that ...

Continue Reading →
0

How Hard Is It To Become A Cyber-Criminal?

According to a recent article on Naked Security, not at all hard.  While at Black Hat in Las Vegas, researchers from Sophos gave a presentation that dissected the “Philadelphia” ransom software as a service (SaaS) model.

Anyone can buy the Philadelphia ransomware kit on the Dark Web for $400.  And for this nominal investment, the would-be attacker gets a simple executable file that sets up the whole system automatically. ...

Continue Reading →
0

Will Artificial Intelligence Beat Real Intelligence?

One of the persistent memes that interest me is the impending event sometimes known as “the singularity.”  This is a probable future where our electronic devices become self-aware and fully autonomous.  We see the beginnings of this happening all around us in devices like Amazon’s Alexa and Echo, The Nest and Google communities of smart devices, self-driving vehicles, and all the Internet of Things (IoT) devices that listen to ...

Continue Reading →
0

Email Account Hijacking – Part 3 Extending the Exploit

On Monday and Wednesday we looked at email account hijacking, how it happens, and what can happen after the account is controlled by an attacker.  Today we will see how an attacker could use the beachhead they established in your email account to extend their intrusion.

They have already proven that you are susceptible to phishing and other social engineering exploits.  So sending the victim other phishing emails that allow more access ...

Continue Reading →
0

Latvian Cyber Crook Extradited for 2010 Star Tribune Malvertising Exploit

Back in February 2010, the Minneapolis StarTribune website was the victim of a malvertising exploit.  Visitors to the Strib website would download malware that caused the computer to become slow and malfunction.  Then a pop-up window would appear that advised the visitor that their computer was infected with malware, and the purchase of a $49.95 anti-malware product would solve the problem.  I remember working on the computers of several clients who ...

Continue Reading →
0

Ransomware is not Dead Yet

Toward the end of last year I made a pair of bold predictions.  The first, that ransomware exploits would start declining, because anti-malware software companies were bringing products online that would prevent the encryption from taking place.  The second, there would be an increase in Business Email Compromise (BEC) exploits, as cyber-criminals turned to new income streams.  I was only half right.

BEC exploits have increased, because the potential returns are so ...

Continue Reading →
0
Page 3 of 8 12345...»