Fantom Ransomware Mimics Windows Update Screen. From Softpedia.
Ransomware often tries to disguise its malicious behavior using various tricks. The latest method observed is that employed by a new variant called Fantom, which shows a fake Windows Update screen while, in reality, it’s encrypting the user’s files.
The ransomware, spotted for the first time only a few days ago by AVG security researcher Jakub Kroustek, is coded on top of EDA2, a ransomware building kit that was open-sourced last year but eventually taken down.
EDA2 contained flaws that allowed researchers to obtain the decryption keys from the ransomware’s C&C server. According to an analysis from Bleeping Computer, those flaws aren’t there anymore, meaning one of the Fantom coders must have found and fixed them.
Annoying “Open PDF in Edge” Default Option Puts Windows 10 Users at Risk. From Softpedia. Microsoft today released its monthly security patch, and one of the five security bulletins labeled as critical concerns a remote code execution (RCE) flaw in its standard PDF rendering library that could be exploited when opening PDF files. The issue, tracked as CVE-2016-3319, is found in the Microsoft Windows PDF Library, the default Windows utility used to open, read, and render PDF files, embedded by default in a couple of apps such as Edge. An attacker could craft malicious code, add it to the header of a PDF file, and host the file on a Web server.
CIOs, CISOs share advice on selling cybersecurity to the C-suite. From HealthCare IT News. Texas Children’s CISO Sanjeev Sah said hospitals must master the basics because there’s no way to protect against advanced threats if you do not. When UC Irvine Health CIO Chuck Podesta needed a bigger security budget he walked the hospital’s chief executive through a typical data breach or loss scenario. The last bullet point: CEO apologizes to the public.
Got $90,000? A Windows 0-Day Could Be Yours. From Krebs On Security. How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000.
Windows GodMode Abused by Malware. From Softpedia. Security researchers at McAfee Labs have come across a new malware family that is abusing a secret Easter Egg in Microsoft Windows called “GodMode.” GodMode consists of a piece of code that Microsoft has left inside Windows since Vista that allows users to create a folder, give it a specific name, and automatically transform it into a container that lists all the shortcuts to all the Control Panel settings. Nobody knows how GodMode panels came to be, but most likely they were used by Microsoft’s staff for debugging purposes.
Group Helping Canada Research How Not to Get Hacked Was Itself Hacked. From ViceNews. A Canadian non-profit group that has been working with the federal government to research how companies can guard against cyber crimes was itself defaced by an infamous hacker that supports the Islamic State. The attack, claimed by “Don-2”, who has already hacked and defaced websites from China and India, targeted the Information and Communications Technology Council of Canada and appears to have vandalized the site with messages denouncing Canada’s expansion into the Middle East, including in “Shubra”, an area in Egypt. Canadian peacekeepers are currently stationed in the Sinai.
Cyber security Bill nears implementation. From ITWeb. The South African Government’s highly-criticised national Cyber Crimes and Cyber Security Bill (cyber security Bill) will “shortly be taken through the Parliamentary process ahead of implementation”. This is the word from minister in the State Security Agency (SSA), David Mahlobo, who delivered his budget vote speech this week, and said the cyber security Bill had been completed and presented to Cabinet.
Iran expands cyber warfare forces, attacks critical Western infrastructure. From Debka. Amid Iran’s recent demonstration of its military capabilities including the test-firing of ballistic missiles, which have drawn harsh criticism in the West and resulted in economic sanctions, a group of cyber warfare experts under the direct command of Iran’s Revolutionary Guard Corps has significantly increased its operations in recent months. The fingerprints of the hacker organization that calls itself “Rocket Kitten”, whose IP addresses lead directly to Iranian army command, were discovered again on Tuesday, this time within the computer control system of one of the most sensitive infrastructure facilities in Central Europe.
Cybersecurity Is Top Concern of IEEE Members. From DesignNews. A new survey of hot technologies from IEEE Computer Society members and non-members from technology companies finds that cybersecurity ranked number one among all industry segments. Fully 56% to 58% of respondents said cybersecurity is having the greatest impact on their industry.