Top CyberSecurity News For September 30th 2016

  1. Brazilian Hospitals Infected with Ransomware After RDP Brute-Force Attacks. From Softpedia. 

    Members of TeamXRat, a hacking crew based in Brazil, have created their own ransomware variant that they spread to local companies and hospitals after taking control over their servers and networks via RDP (Remote Desktop Protocol) brute-force attacks.

    The group, who has previously created and sold banking malware, is at its first attempt at creating ransomware, which, based on a Kaspersky Lab analysis, seems to be derived from the Xorist ransomware, detected and decrypted back in March.
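    The RDP brute-force entry vector described above leaves a recognisable trace on the victim host: a burst of failed logons with logon type 10 (RemoteInteractive) from one source, sometimes followed by a success. The following is an added detection example, not code from Softpedia or Kaspersky Lab; it runs over constructed sample lines in a simplified whitespace-separated layout (an assumption, not the real Windows event log format) and flags sources that reach a failure threshold inside a time window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, not a real capture. Fields: ISO time, Windows event ID
# (4625 = failed logon, 4624 = successful logon), logon type (10 = RDP), source IP, account.
SAMPLE_LOG = """\
2016-09-28T02:14:01 4625 10 203.0.113.7 administrator
2016-09-28T02:14:03 4625 10 203.0.113.7 admin
2016-09-28T02:14:05 4625 10 203.0.113.7 backup
2016-09-28T02:14:08 4625 10 203.0.113.7 sysadmin
2016-09-28T02:14:11 4625 10 203.0.113.7 administrator
2016-09-28T02:14:15 4625 10 203.0.113.7 backup
2016-09-28T02:14:40 4624 10 203.0.113.7 backup
2016-09-28T08:00:00 4625 10 198.51.100.4 jdoe
2016-09-28T08:05:00 4625 2 192.0.2.9 jdoe
"""


def parse_events(log_text):
    """Yield (time, event_id, logon_type, src_ip, account) for each non-empty line."""
    for line in log_text.splitlines():
        if line.strip():
            ts, event_id, logon_type, src_ip, account = line.split()
            yield datetime.fromisoformat(ts), event_id, logon_type, src_ip, account


def find_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: summary} for sources with >= threshold failed RDP logons inside
    any `window`; summary notes whether a successful RDP logon followed the burst."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, event_id, logon_type, src_ip, account in parse_events(log_text):
        if logon_type != "10":      # only RemoteInteractive (RDP) logons matter here
            continue
        bucket = failures if event_id == "4625" else successes
        bucket[src_ip].append((ts, account))
    hits = {}
    for src_ip, fails in failures.items():
        fails.sort()
        for i in range(len(fails) - threshold + 1):
            first, last = fails[i][0], fails[i + threshold - 1][0]
            if last - first <= window:       # threshold failures within the window
                hits[src_ip] = {
                    "failures": len(fails),
                    "accounts": sorted({acct for _, acct in fails}),
                    # a success after the burst means a password was guessed: escalate
                    "success_after": any(ts > last for ts, _ in successes[src_ip]),
                }
                break
    return hits
```

A source with `success_after` set is the case to treat as an intrusion rather than noise; the interactive logon type filter keeps network (type 3) and local (type 2) failures out of the count.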


Top CyberSecurity News For 17th September 2016

  1. One Single Ransomware Gang Made over $121 Million. From Softpedia. 

Top CyberSecurity News For 4th September 2016

  1. Threat Alert: Cerber Ransomware v3 Spotted in the Wild. From Softpedia. 

    A new version of the Cerber ransomware was released last week, which is easy to identify by the .cerber3 extension it adds to all encrypted files.

    The move comes after the crooks released versions v1.5 and v2 in quick succession at the start of August. Before releasing Cerber v2, the crooks had distributed v1 for more than six months, with only very small updates once in a while.

    The Cerber gang was forced to issue v2 in order to break a free decrypter provided by the infosec community that was hindering their profits by letting users recover files for free.

  2. Exposed: An inside look at the Magnitude Exploit Kit. From CSO Online. Researchers at Trustwave have provided CSO with an inside look at the Magnitude Exploit Kit’s infrastructure. Linked to attacks against and Yahoo, this kit has gone from obscurity to a certified threat in a short amount of time, while generating more than $60,000 USD per week in income.

Top CyberSecurity News For 28th August 2016

  1. Fantom Ransomware Mimics Windows Update Screen. From Softpedia. 

    Ransomware often tries to disguise its malicious behavior using various tricks. The latest method observed is that employed by a new variant called Fantom, which shows a fake Windows Update screen while, in reality, it’s encrypting the user’s files.

    The ransomware, spotted for the first time only a few days ago by AVG security researcher Jakub Kroustek, is coded on top of EDA2, a ransomware building kit that was open-sourced last year but eventually taken down.

    EDA2 contained flaws that allowed researchers to obtain the decryption keys from the ransomware’s C&C server. According to an analysis from Bleeping Computer, those flaws aren’t there anymore, meaning one of the Fantom coders must have found and fixed them.

Top CyberSecurity News For July 1st 2016

  1. Ransomware Attacks May Trigger Breach Notifications. From On The Wire. A powerful California congressman is pushing the federal government to treat ransomware attacks on medical facilities as data breaches and require notifications of patients. The pressure is coming from Rep. Ted Lieu (D-Calif.) and follows comments from officials at the Department of Health and Human Services about the department’s plan to issue guidance to health care organizations about ransomware attacks. The Office for Civil Rights section of HHS, which has responsibility for health information privacy, will provide guidance on how to handle ransomware attacks, and Lieu is eager to ensure that the guidance specifically addresses how ransomware attacks relate to data breach regulations.

  2. He Was a Hacker for the NSA and He Was Willing to Talk. I Was Willing to Listen. From The Intercept. The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained — with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world — how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA’s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept.

Top CyberSecurity News For 29th June 2016

  1. A Massive Botnet of CCTV Cameras Involved in Ferocious DDoS Attacks. From Softpedia. 

    A botnet of over 25,000 bots lies at the heart of recent DDoS attacks that are ferociously targeting businesses around the world. More exactly, we’re talking about massive Layer 7 DDoS attacks that are overwhelming Web servers, occupying their resources and eventually crashing websites. US-based security vendor Sucuri discovered this botnet, very active in the last few weeks, and they say it’s mainly composed of compromised CCTV systems from around the world. Their first encounter with the botnet came when a jewelry shop that was facing a prolonged DDoS attack opted to move its website behind Sucuri’s main product, its WAF (Web Application Firewall).

  2. New and improved CryptXXX ransomware rakes in $45,000 in 3 weeks. From ArsTechnica. Whoever said crime doesn’t pay didn’t know about the booming ransomware market. A case in point, the latest version of the scourge known as CryptXXX, which raked in more than $45,000 (£34,344) in less than three weeks. Over the past few months, CryptXXX developers have gone back and forth with security researchers. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more. Then, CryptXXX developers would tweak their code to defeat the get-out-of-jail decryptor. The researchers would regain the upper hand by exploiting another weakness, and so on.

Top CyberSecurity News For 20th June 2016

  1. New RAA ransomware written in JavaScript discovered. From SCMagazine. A new variety of ransomware has been uncovered called RAA, but what is odd in this case is that the creators took the somewhat unusual step of coding it in JavaScript instead of the more standard programming languages, making it more effective in certain situations.

  2. Adobe Flings Flash Fix for Fresh APT Target. From BankInfoSecurity. Security experts are once again warning enterprises to immediately update – or delete – all instances of the Adobe Flash Player they may have installed on any system in the wake of reports that a zero-day flaw in the web browser plug-in is being targeted by an advanced persistent threat group.

Top CyberSecurity News For 10th June 2016

  1. How to Run a Russian Hacking Ring. From The Atlantic. And for many of those cybercriminals, hacking is as unglamorous as any other business. That’s what a group of security researchers found when they infiltrated a ring of hackers based in Russia earlier this year, and monitored its dealings over the course of five months. The researchers were with Flashpoint, an American cybersecurity company that investigates threats on the dark and deep web. Their undercover operation began when they came across a post on a Russian hacker forum on the dark web—a part of the internet that’s inaccessible to regular browsers—that read very much like a get-rich-quick ad you might find on Facebook.

  2. Twitter denies security breach after hacker tries to sell 32M compromised accounts. From Washington Times. Twitter on Thursday denied being the victim of a security breach amid reports that a hacker has put the log-in credentials for more than 32 million accounts up for sale on the dark web. LeakedSource, an online search engine for stolen data, said Wednesday that a pseudonymous hacker provided the website with a data set purportedly containing the usernames, passwords and other data pertaining to 32,888,300 Twitter accounts. Fifteen of the victims identified in the breach were contacted by LeakedSource, and each one verified the validity of the information supplied to the website.

Top CyberSecurity News For 9th June 2016

  1. Companies Are Stockpiling Bitcoin in Case They Get Infected with Ransomware. From Softpedia. According to the numbers crunched by Citrix and Censuswide, who polled 250 UK IT and security managers, one in three UK businesses is now creating a backup account for holding cryptocurrency such as Bitcoin in the event of a cyber-attack. Companies are willing to pay as much as £50,000 ($72,700) to unlock their computers and retrieve their IP (intellectual property) in case ransomware somehow makes it into their network. The exact percentages are 36 percent of the companies with 250-500 employees, 57 percent of the businesses with 501-1,000 employees, and 18 percent of the firms with over 2,000 employees.

  2. Enterprises Still Don’t Base Vuln Remediation On Risk. From Dark Reading. “Despite the growing number of breaches, the state of application security is not improving significantly,” says Asma Zubair, director of product management for WhiteHat. “Applications continue to remain vulnerable. About one-third of insurance applications, about 40 percent of banking and financial services applications, about half of healthcare and retail applications, and more than half of manufacturing, food and beverage, and IT applications are always vulnerable.”

Top CyberSecurity News For 8th June 2016

  1. Vulnerabilities in Facebook Chat and Messenger exploitable with basic HTML knowledge. From Help Net Security. Check Point’s security research team has discovered vulnerabilities in Facebook’s standard online Chat function, and its separately downloaded Messenger app. The vulnerabilities, if exploited, would allow anyone to essentially take control of any message sent by Chat or Messenger, modify its contents, distribute malware and even insert automation techniques to outsmart security defences.

  2. ‘Alarming’ rise in ransomware tracked. From BBC. There are now more than 120 separate families of ransomware, said experts studying the malicious software. Other researchers have seen a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns. The rise is driven by the money thieves make with ransomware and the increase in kits that help them snare victims.