Ransomware is not Dead Yet

Toward the end of last year I made a pair of bold predictions.  The first, that ransomware exploits would start declining, because anti-malware software companies were bringing products online that would prevent the encryption from taking place.  The second, there would be an increase in Business Email Compromise (BEC) exploits, as cyber-criminals turned to new income streams.  I was only half right.

BEC exploits have increased, because the potential returns are so ...

Continue Reading →
7
JUL
0

backup, Computers and Internet, cybersecurity, encryption, malware, ransomware, Security, social engineering

New PowerPoint Exploit Launches on Hover

A new exploit that uses a PowerPoint feature that enables “mouse-over actions.”  This feature allows a PowerPoint slide show to initiate activity without having to actually click on a link.  Just hovering on a link is enough to advance to the next step.  Since we have been teaching people for years to reveal a link destination by hovering over a link to show the top tip box, this exploit would ...

Continue Reading →
19
JUN
0

cybersecurity, malware, Phishing, Security, Trojan

, ,

Android Game Hides Crypto-Ransomware Exploit

There is a new encryption ransomware exploit hiding inside a spoofed copy of the popular Chinese game “King of Glory.”  Right now, this malware is affecting users in China, but it is a matter of time before another cyber-criminal group modifies it for English speaking victims.

This game is available on international gaming forums, and is being spread when gamers download a copy ...

Continue Reading →
16
JUN
0

Android, cybersecurity, encryption, malware, ransomware, smartphones, Virus, wireless

This Will Make You Wanna Cry

A post about an alert I received first from AlienVault, and then from everybody.  There is a new crypto-ransomware variant called Wanna Cry that is taking advantage of a recent Microsoft vulnerability that was patched back on March 14.  If your computers have not been updated with MS17-010, then those computers are vulnerable.  Microsoft considers this vulnerability significant enough to release it for Windows XP, even though official support ended over ...

Continue Reading →
15
MAY
0

cybersecurity, malware, ransomware, Software vulnerability

Are You Breached? Know What To Look For

The average number of days between a network intrusion and it’s detection by the victim is around 200 days, which is at least 199 days too long.  Sooner or later your company will suffer an network intrusion, computer incident, or data breach, in spite of your best efforts to prevent it.  The goal is to shorten the time between intrusion and detection.

A recently article on Tech ...

Continue Reading →
12
MAY
0

authentication, Computers and Internet, cybersecurity, malware

The Economics of the Tech Support Scam

We have reported a few times about the tech support scammers who use cold-calling phone lists or browser pop-ups with 800 number “support” lines to trick people into paying $300 or more for “malware removal” and other services that the computer doesn’t need.  And the pop-ups can be scary and convincing as in the example image.

Naked Security recently reported on the work ...

Continue Reading →
10
MAY
0

Computers and Internet, crapware, cybersecurity, malware, Security

US-CERT Warns About Airline Phishing Scams

What if there was a new phishing scam that had an open rate of 90%.  That’s right, this phishing email is so believable, 90 out of 100 recipients open the the attachment or click on the link without a second thought.

These attacks begin with the scammer researching the target victim.  These targets usually work at companies where there is a lot of air ...

Continue Reading →
26
APR
0

Computers and Internet, cybersecurity, malware, passwords, Phishing, Spyware, surveillance, Trojan

New Exploit Uses Office Documents

A new exploit is using Microsoft Office documents to deliver malware.  This is different from the reanimated macro exploits.  If this exploit, the target will receive an Office document, such as a Word file, as an email attachment.  Opening the attachment causes a malicious HTML application to be downloaded from the attackers C2 server.  This is executed as an .hta file, disguised as an RTF file.  The result is the ...

Continue Reading →
14
APR
0

Computers and Internet, cybersecurity, malware, Phishing, Security, Software vulnerability

Malware Turns Smartphone Into Eavesdropper

I read an interesting article on Naked Security the other day about how Hamas had used Facebook and social engineering tactics to trick Israeli soldiers into installing surveillance malware.  The malware allowed Hamas to track the soldiers using the phone’s GPS, and to turn on the microphone and video to actually listen in and and watch their targets.  Hamas undoubtedly picked up the ...

Continue Reading →
24
FEB
3

Computers and Internet, cybersecurity, Identity Theft, malware, Security, smartphones, Spyware, surveillance

Credential Stealing Malware in PDF Attachments

On Wednesday we talked about a phishing exploit that used malware to provide remote access and steal the personal information of the victims.  Today we continue the story with a similar exploit, called “Fareit” to “ferret out” the user credentials and other personal information the victims.

This exploit uses a phishing email to send the target either a PDF attachment or a Word attachment.  The PDF variant uses Windows Powershell to install. ...

Continue Reading →
10
FEB
0

Computers and Internet, cybersecurity, Dark Web, Identity Theft, malware, passwords, Phishing, Spyware

Page 9 of 14 «...7891011...»