Towards the end of 2018, enSilo blocked a suspicious attack attempt originating from a generic PowerShell script. While investigating the attack, our team discovered an interesting loader malware that delivers different payloads. At the time of writing this post, commercial anti-virus (AV) products did not identify this script as hostile.
A team of academics from the University of Colorado Boulder (UCB) has found a way to hide malware operations by leveraging the process of "speculative execution," the same CPU feature where the Meltdown and Spectre vulnerabilities were discovered last year.
In the hand-wringing post-mortem after a hacker breach, the first point of intrusion usually takes the focus: the phishing email that Clinton campaign manager John Podesta's aide accidentally flagged as legit, or the Apache Struts vulnerability that let hackers get access to an Equifax server. But Dmitri Alperovitch, chief technology officer of security firm CrowdStrike...
The year 2000 was historic for a few reasons beyond the obvious emotional resonance of rolling over all the digits. There was a contested US presidential election, Y2K turned out to be overblown, and it was the first year those New Year’s glasses with the eye holes in the zeros made sense. It was also the year WinRAR introduced a serious vulnerability into its Windows application. That bug was just discovered after 19 years by researchers at Check Point Software. Oops.
Microsoft issued Security Advisory ADV190005 on Wednesday concerning a potential HTTP/2 settings issue for users of Internet Information Services (IIS) on Windows Server.
A new ransomware called B0r0nt0K is encrypting victims' websites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows.
Toyota Australia, a subsidiary of Toyota Motor Corporation, disclosed on February 21, 2019, that it has suffered a cyber attack. However, the motor company confirmed that no private data of employees or customers was compromised in the attack.
Doctors, patients locked out after ransomware hits the heart of Cabrini Health’s specialist cardiac operations...
GandCrab ransomware infected several managed service providers, thanks to an old ConnectWise Manage plugin vulnerability, but a new decryptor tool is offering relief to victims.
If you know anyone who has a current state-of-the-art pacemaker, most likely it can be programmed via a Windows-based computer at the doctor’s office. Most pacemakers use near-field communications...
Porter Health Care System patients whose personal information was stolen in a 2014 cyberattack are eligible for up to $5,000 under a settlement agreement...
ASHEBORO — Officials at Klaussner Home Furnishings have confirmed that the company, one of Randolph County’s largest employers, has been the victim of a cyber attack...
An attacker this week simultaneously encrypted endpoint systems and servers belonging to all customers of a US-based managed service provider by exploiting a vulnerable plugin for a remote monitoring and management tool used by the MSP...
A new Astaroth Trojan campaign targeting Brazil and European countries is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and load malicious modules.
Taiwanese NAS maker QNAP has admitted its devices are affected by mysterious malware that alters hosts files on infected boxen following The Register's report.
Think your company “can’t afford” cyber security? How much will a cyber attack cost?
Cost is arguably the biggest impediment to robust, proactive cyber security at small and medium sized businesses...
OTTAWA — A Chinese telecommunication company secretly diverted Canadian internet traffic to China, particularly from Rogers subscribers in the Ottawa area, says an Israeli cybersecurity specialist.
The King County Sheriff’s Office said the FBI is now investigating a ransomware attack on the City of Sammamish that was first announced Wednesday.
On Thursday, Sammamish said it planned to cancel all city credit cards as a precautionary measure but couldn’t yet say if the personal information of residents, employees or those who do business with the city had been compromised in the cyberattack.
French engineering research and consulting firm Altran Technologies disclosed this week that a Jan. 24 cyberattack impacted its operations in certain European countries.
“In response to the incident, the company immediately shut down its IT network and all applications,” the company said in a press release issued on Monday.
WannaCry and NotPetya just scratched the surface of the damage ransomware could do. This gloomy scenario looks at what could really go wrong.
A worldwide cyberattack could cause global economic losses of almost $200bn, as organisations across sectors are still unprepared to face the consequences of a malicious global cyber campaign.
Organizations need a separate mitigation plan for fileless malware because the threat it poses is so different from that posed by other malware, security experts say.
Key risk mitigation steps include: creating fail-safe operations; updating, monitoring and locking down Microsoft's PowerShell scripting language as well as enabling security features; minimizing administrative privileges; and implementing behavioral analytics.
Officials are investigating a ransomware attack that caused Akron, Ohio, to take down several city services, including its 311 public-information hotline and credit-card payments at numerous municipal agencies.
Though IT professionals frequently prioritize patching software vulnerabilities, end users are often the weakest link in the security chain. Social engineering attacks—typically in the form of phishing—continue to be a popular mode of attack for cybercriminals, especially for those targeting individual users rather than large corporations. Email security firm Vade Secure published on Wednesday their list of the most-impersonated brands in the Q4 2018 Phishers' Favorites report.
New strains of ransomware are being distributed by attackers who gain remote access to organizations' networks, as well as via sites that share cracked versions of commercial software.
In Part 1, I discussed assessing and prioritising your organisation's risks as well as commencing a risk assessment. Part 2 involved the importance of assessing your organisation's supply chain and including such details within the overall risk assessment.
The big Windows 10 October 2018 Update was supposed to bring a few updated features like improved Storage Sense, a Your Photos desktop pin, an updated Emoji panel, more Fluent Design user interface improvements, multitasking Sets and improved game modes...
A team of researchers has identified a new kind of malware that they say can remove cloud security products.
Researchers from Palo Alto Networks’ Unit 42 said in a report released Thursday that the malware samples they obtained, which are used by a hacking group known as “Rocke,” showed that they could remove security products from compromised Linux cloud servers.
The conventional wisdom with malware is that you can kill it once and for all by wiping a system and starting from scratch. However, a particularly clever piece of surveillance software tied to the Russian government appears much more resistant. Even replacing drives won’t kill LoJax, which appears to still be operating more than eight months after researchers from Arbor Networks detailed the malware.
The City of Del Rio was forced to return to pen and paper when a ransomware attack rendered City Hall useless.
Officials in the City of Del Rio, Texas were forced to abandon electronic services after a ransomware attack effectively closed down City Hall servers.
The cybersecurity space is in dire straits. Hackers are getting smarter and more sophisticated…and the availability of skilled men and women to combat them has never been lower. It’s an issue that’s been slowly growing worse year over year, yet there’s no clear solution in sight. What’s a business leader to do?