Latest Ransomware Being Offered “as-a-service” to Wannabe Hackers

The gang behind a family of ransomware that has been active for well over a year now have tweaked their tactics in order to ensure the file-locking malware campaign is as effective as possible. GandCrab first emerged in January 2018 and has remained one of the most successful forms of ransomware ever

GandCrab operates an affiliate model, with its authors providing the ransomware “as-a-service” to wannabe hackers in exchange for a 30 to 40 percent cut of the profits.  But now researchers have observed adverts for GandCrab being posted on underground forums, specifically targeted at crooks with skills around operating remote desktop protocols, virtual network computing and experience of infiltrating corporate networks. …  There’s currently no free means of decrypting files locked with (the latest versions of ) GandCrab…

ZDNet.com click the link to read the rest of the story.

How many layers of security do you have in place to protect you?Join the conversation on our Facebook Page!

All Intel chips open to new Spoiler attack: There is no quick fix

Researchers have discovered a new flaw affecting all Intel chips due to the way they carry out speculative execution for CPU performance gains.   Like the Spectre and Meltdown attacks revealed in January 2018, Spoiler also abuses speculative execution in Intel chips to leak secrets. …Daniel (Ahmad) Moghimi, one of the paper’s authors, told The Register he doubts Intel will be able to patch the issue in the memory subsystem within the next five years.

ZDNet.com click the link to read the rest of the story.

Do you use Intel chips?Join the conversation on our Facebook Page!

Here are the data brokers quietly buying and selling your personal information

You’ve probably never heard of many of the data firms registered under a new law, but they’ve heard a lot about you. A list, and tips for opting out.

FastCompany.com click the link to read the rest of the story.

Will you use this list to opt out?Join the conversation on our Facebook Page!

Phishing alert: One in 61 emails in your inbox now contains a malicious link

The number of phishing attacks is on the rise, more than doubling in recent months, with one in 61 emails delivered to corporate inboxes found to contain a malicious URL. …

The emails are often designed to look like they come from legitimate senders – like a companyor a colleague – in order to gain the trust of the victim, before duping them into clicking the malicious link. …The purpose of the malicious URL could be to deploy malware onto the PC or it could encourage the victim to enter sensitive information into a fake version of a real service…

ZDNet.com click the link to read the rest of the story.

Have many do you think you get every day?Join the conversation on our Facebook Page!

Chinese Digital Surveillance Secrets Revealed In Database Leak

Earlier this month, security researcher Victor Gevers found and disclosed an exposed database live-tracking the locations of about 2.6 million residents of Xinjiang, China, offering a window into what a digital surveillance state looks like in the 21st century. …

EFF.org click the link to read the rest of the story.

What can we do?Join the conversation on our Facebook Page!

Hackers using stolen passwords to access TurboTax returns

Let this be a lesson: Don’t reuse your passwords.

Hackers accessed tax return information stored with TurboTax using a stolen password from a third party, an Intuit spokesman said Monday.

The attack, earlier reported in Dark Reading, didn’t breach the internal systems at Intuit, which owns TurboTax. Instead, attackers took lists of passwords stolen from other services and used them to try to log in to TurboTax accounts, the spokesman said. There, valuable personal information, such as Social Security numbers, names and addresses, is stored in tax returns.

CNet.com click the link to read the rest of the story.

Do you still use the same passwords over and over?Join the conversation on our Facebook Page!

Use a Cisco router? Patch it now ! It’s a 9.8/10 Security hole

Cisco is warning businesses that use its wireless VPN and firewall routers to install updates immediately due to a critical flaw that remote attackers can exploit to break into a network.  The vulnerability allows any attacker with any browser to execute code of their choice via the web interface used for managing Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router.

ZDNet.com click the link to read the rest of the story.

Have you made sure yours is patched?Join the conversation on our Facebook Page!

Trojan malware: The hidden cyber threat to your PC

A recent report from security company Malwarebytes reveals how trojans and backdoor attacks have rocketed in the past year. … “We’re seeing a new generation of stealers make an impact recently,” says Jérôme Segura, head of threat intelligence at Malwarebytes. … Gaining persistent remote access — be it to a single user’s computer, or a whole network — is key to many cyber attacks: if they’re stealthy enough, hackers can remain undetected for a long time, as they work towards their long-term goals.

ZDNet.com click the link to read the rest of the story.

Do you ignore these threats?Join the conversation on our Facebook Page!

 

There is no single solution to computer security

Anyone who regularly attends the Blackhat or Defcon conferences should understand that short of unplugging a computer system from its power source, it is not possible to rule out serious system and data compromise. There will never be any “silver bullets” to slay the security vulnerability werewolf.

Medium.com click the link to read the rest of the story.

How many layers of security do you have? Join the conversation on our Facebook Page!

Severe vulnerabilities uncovered in popular password managers

Passwords stored in RAM could lead to theft, but the report has to be considered in a risk-based context. …

Independent Security Evaluators (ISE) published an assessment on Tuesday which documented the results of tests involving 1Password, Dashlane, KeePass and LastPass, all of which are popular password managers available today.

ZDNet.com click the link to read the rest of the story.

Do you use a password manager?  Are you concerned?Join the conversation on our Facebook Page!

You have around 20 minutes to contain a APT attack

Governments and private organizations have around 20 minutes to detect and contain a hack…

New statistics published today by US cyber-security firm Crowdstrike ranked threat groups based on their “breakout time.”  “Breakout time” refers to the time a hacker group takes from gaining initial access to a victim’s computer to moving laterally through its network. This includes the time the attacker spends scanning the local network and deploying exploits in order to escalate his access to other nearby computers.

According to data gathered from 2018 hack investigations, CrowdStrike says Russian hackers (which the company calls internally “Bears”) have been the most prolific and efficient hacker groups last year, with an average breakout time of 18 minutes and 49 seconds.

ZDNet.com click the link to read the rest of the story.

How quickly can your business respond to an attack?Join the conversation on our Facebook Page!

Why Online Privacy Matters and 5 Ways to Reclaim It

It’s the most common argument against privacy: “If you’ve got nothing to hide, you’ve got nothing to fear.” It’s also the silliest argument against privacy.

Privacy expert and author Daniel Solove has torn down this fallacy in his paper on the subject. But Solove’s essay is a complex take on a nuanced subject. Instead, the simple rhetoric of the “nothing to hide” argument is easier to repeat.

But no matter how little you have to hide, the implications of online privacy breaches are major. These few resources explain the pitfalls clearly and concisely.

MakeUseOf.com click the link to read the rest of the story.

What steps have you take to regain your online privacy?Join the conversation on our Facebook Page!

Microsoft security chief: IE is not a browser, so stop using it

Is Internet Explorer (IE) a browser? According to Microsoft, no. Today, it’s a ‘compatibility solution’ for enterprise customers to deal with legacy sites that should be updated for modern browsers.  … Chris Jackson, Microsoft’s worldwide lead for cyber-security, … that habit needs to stop … ‘The perils of using Internet Explorer as your default browser’.

ZDNet.com click the link to read the rest of the story.

Are you still using IE because it’s cheaper?Join the conversation on our Facebook Page!

I like Windows 7: Why should I pay to move to Windows 10?

Actually, you don’t have to pay.  Read the article to find out why. But you really should move to Windows 10!

There’s one key feature that makes Windows 10 a must-do upgrade: Security. Windows 10 has far better intrinsic security features than Windows 7. This makes sense, because when Microsoft introduced Windows 10, it had six years more experience fighting off cyberattacks than it had when Windows 7 was introduced.

ZDnet.com click the link to read the rest of the story.

If you haven’t migrated to Windows 10 yet, why not?Join the conversation on our Facebook Page!

New Google Chrome Add-On Warns When Your Password Isn’t Private

If someone else has used the same password as you and it’s listed in a dump, guess what? Your own account is also at risk. It doesn’t even matter if you used that password on a different website. Once it’s exposed, it’s just not safe to use any more.

With leaks and hacks happening more or less non-stop it’s a difficult task to keep your accounts secure.

Forbes.com click the link to read the rest of the story.

Did you know how easy it was to have a risky password?Join the conversation on our Facebook Page!

Billions of Hacked Passwords and Usernames now Free: on the Dark Web

More than 600 gigabytes of hacked accounts from years ago have been compiled and are free to download.

You can check if you were affected by the massive data set with the HPI’s search tool.

Cnet.com click the link to read the rest of the story.

Have you checked to see if your accounts have been hacked?Join the conversation on our Facebook Page!

Microsoft: its time for Internet Explorer 10 Rest In Peace

Microsoft is giving commercial customers until January 2020 to transition to IE 11.  “After this, we will not release any security or non-security updates, free or paid assisted support options, or online technical content changes for IE10,” Microsoft says.

ZDNet.com click the link to read the rest of the story.

Is your office still using Internet Explorer?Join the conversation on our Facebook Page!

Simple changes that Minimize Risk While Surfing the Web on Your Phone

Here are a total of 10 simple and mostly free solutions to help you take better control of your mobile security. Take it slow, but by all means: Do take it. It’s worth the effort.

Medium.com click the link to read the rest of the story.

Have you taken the time to secure your phone?Join the conversation on our Facebook Page!

12 Free Tools to Scan Your Website’s Security

If you or your business has a website website you really should take a few minutes and check to make sure it is malware free.  People visiting sites with malware remember to avoid them in the future.  Here is a list out free tools to scan your site for security vulnerabilities, malware.

geekflare.com click the link to read the rest of the story.

Have you been alerted of malware when visiting a local business website?Join the conversation on our Facebook Page!

Fake meeting request from the boss steals passwords

Called to a meeting with the CEO? Don’t be so sure.

A widespread phishing campaign is targeting executives across a number of industries with messages asking to reschedule a board meeting in an effort to steal logins and passwords.

ZDNet.com click the link to read the rest of the story.

Has your office received on of these yet?Join the conversation on our Facebook Page!

How to use Google’s Password Alert tool to thwart phishing attacks

Google’s built a new tool in the fight against phishing. The free Password Alert Chrome extension keeps track of where you enter your Google account password and alerts you when you’ve entered it someplace other than accounts.google.com. This does two things: it prevents you from re-using your Google password on other sites, and it protects you if you’ve entered your password on a site that’s pretending to be Google to collect your private information, a practice also known as phishing.

Cnet.com click the link to read the rest of the story.

Have you been scammed into giving up your gmail password?Join the conversation on our Facebook Page!

The market for cyber-insurance is growing

A survey in 2018 by KPMG found that only a fifth of it bosses thought their firm was well prepared for an attack. … The market is most developed in America, says Robert Hannigan, one of those ex-gchq bosses, thanks in part to Californian laws passed in 2003 that compel firms to confess to large data breaches.

The Economist click the link to read the rest of the story.

Is you firm covered by cyber-insurance?Join the conversation on our Facebook Page!

Mac Users Beware: New Ad Technique Infects You With Trojans

Recent months have seen an uptick in reports of JavaScript malware that hides in image files. This is often referred to as “image based malware” or “steganography malware” in more technical contexts. …

Medium.com click the link to read the rest of the story.

Have you been hit by this attack?Join the conversation on our Facebook Page!

WordPress sites under attack via zero-day in abandoned plugin

WordPress site owners using the “Total Donations” plugin are advised to delete the plugin from their servers… This affects all versions of Total Donations, a commercial plugin that site owners have bought from CodeCanyon over the past years, and have used to gather and manage donations from their respective user-bases.

ZDNet.com click the link to read the rest of the story.

Were you using it?Join the conversation on our Facebook Page!

 

How to Spot Phishing: It’s the Most Common Cyber Attack

One percent of emails sent today are phishing attempts. And it often represents a more serious threat than the nuisance offers for free money we’ve all seen in our inboxes. Phishing is about stealing your password.

Medium.com click the link to read the rest of the story.

Take their quiz?  How did you do on it?Join the conversation on our Facebook Page!

Security researchers take down 100,000 malware sites last year

Over the last ten months, security researchers filed abuse reports with web hosting providers and have taken down nearly 100,000 URLs that were used to distribute malware … the organization noted that recent numbers indicate that the average take-down time has now increased to more than a week, to 8 days, 10 hours, and 24 minutes, giving malware authors more than enough time to infect thousands of device every day. …

ZDNet.com click the link to read the rest of the story.

How much damage could this cause your customers if your site were infected?Join the conversation on our Facebook Page!