Cyber Security Threats
Stay informed about the ever-evolving landscape of cyber threats. Explore the latest developments in malware, ransomware, and zero-day vulnerabilities, and learn how to protect your digital assets from these risks.
New MyEtherWallet Phishing Attacks Witnessed
A new wave of MyEtherWallet phishing attacks has been witnessed which use a convincing domain and MyEtherWallet branding to trick MyEtherWallet users into sharing their credentials and providing criminals with access to their MyEtherWallet accounts. … Read more
Self-Replicating Worm Module Incorporated in Trickbot Malware
Trickbot malware is a banking Trojan that has been around for some time, although its developers have recently created a WannaCry ransomware-style worm module that allows it to spread much more swiftly. The latest NotPetya … Read more
Windows 10 Attacked by Bashware
A new attack method – termed Bashware – could permit hackers to download malware to Windows 10 computing devices without being discovered by security software, according to research published by Check Point. The Windows Subsystem … Read more
Advisory Issues by Department of Education Regarding Hacking and Extortion Threats
TheDarkOverlord hacking group has, in recent time, been targeting K12 schools; obtaining access to networks, stealing data and trying to extort money. As a reaction to the hacking and extortion threats, the U.S. Department of Education … Read more
U.S. Organizations Targeted by FormBook Malware Campaign
Specific industry sectors in the United States and South Korea have been the main targets in the Formbook malware attacks. However there has been some worry that the malware will be used in more widespread … Read more
Flash Player Flaw Used to Deliver FinSpy Malware Exploited by Adobe Patches
Adobe has issued a new update for Flash Player to tackle an actively exploited flaw (CVE-2017-11292) that is being used by the hacking group Black Oasis to send out FinSpy malware. Finspy is not malware … Read more
Zero Day Vulnerabilities Exploited by Microsoft Patches
This Patch Tuesday has seen Microsoft release several updates for serious vulnerabilities, some of which are being constantly exploited in the open. Microsoft is pleading with companies to apply the patches now to keep their … Read more
Public Whois Registry Likely to be Affected by GDPR
The EU GDPR Law will have a significant impact on the businesses that process and manage EU citizens’ data. WHOIS is a member of Domain Name sector that is likely to be affected by the … Read more
GDPR to be incorporated in new UK Data Protection Bill
The British Government has completeded the Data Protection Bill that aims to align the country’s data protection regime with the soon to be introduced European Union General Data Protection Regulation (GDPR). This will allow UK citizens to have … Read more
HIPAA Compliance and Phishing: Email Attacks Can Result in HIPAA Penalties
A phishing attack on a HIPAA-covered entity has lead to in a $400,000 HIPAA breach fine for non-compliance. This is not the first time a phishing attack has resulted in a penalty from OCR for … Read more
DDoS Attacks Follow Increase in Flusihoc Botnet Activity Increases
DDoS attacks are being implemented using the Flusihoc Botnet, some as recording speeds as quick as 45 Gbps according to investigators at Arbor networks. The Flusihoc botnet has been in action for a minimum two … Read more
Matrix Ransomware Campaign Detected by Security Researcher
A new Matrix ransomware malvertising campaign has been detected by security researcher Jérôme Segura. The campaign employs malicious adverts to send users to a site hosting the Rig exploit kit. Flash and IE weaknesses are … Read more
Hackers Able to Gain Access Using New Rowhammer Exploit
The Rowhammer exploit was first identified three years ago and was seen enabling hackers to access devices by using DRAM memory cells. Rowhammer attacks uses the close proximity of memory cells, making them leak their … Read more
Yahoo Data Breach Saw 3 Billion Accounts Breached in 2013
After it was first discovered the 2013 Yahoo data violation was quickly found to have affected many of the company’s customers and in December 2016 it was announced that 1 billion accounts had been compromised. … Read more
U.S. Organizations Targeted by FormBook Malware Attacks
The majority of Formbook malware cyber attacks have focused on specific industry sectors in the United States and South Korea, but there is some worry that the malware will be employed in more attacks worldwide. … Read more
Multi-Function Printers Flaw Risks Password Security
Ruhr University Researchers have uncovered significant security flaws in multi-function printers which may be exploited remotely by hackers to shut down the printers, or more worryingly, modify documents or steal user passwords. Hackers might aslo … Read more
Beware of Equifax Phishing Scams – Cybercriminals Are Typosquatting to Catch the Unwary
Consumers should be wary of Equifax phishing attacks following massive data breach revealed earlier this month. The 143 million records possibly stolen in the breach will be monetized, which means many will likely be sold … Read more
Lack of Two-Factor Authentication Linked to Deloitte Data Breach
This week, news has emerged about a serious Deloitte data breach that allegedly resulted in ‘several gigabytes’ of sensitive emails sent to and from the accountancy firm’s clients being obtained by hackers. Deloitte is one … Read more
NHS Computers Taken Offline After Barts Health Malware Attack:
A Barts Health malware attack resulted in the shutdown of hospital IT systems on Friday last week as the UK NHS Trust attempted to address the damage caused and limit the infection. Barts Health is … Read more
Equifax Breach Victims Directed to Phishing Website
The cyberattack on Equifax affected almost half the population of the United States. 143 million U.S. consumers potentially had their sensitive data stolen by hackers, as did around 400,000 individuals in the United Kingdom and … Read more
Average Cost of a SMB Data Breach Revealed by New Study
The average cost of a SMB data breach is now $117,000 per incident, according to a large study of data breach costs at small to medium sized businesses. The study was conducted by Kaspersky Lab … Read more
Patch Issued for Actively Exploited Drupal Vulnerability
A patch for a vulnerability in Drupal (CVE-2017-6922) that has been activiley exploited for some months was released in June 2017. The flaw affects Drupal v 7.56 and 8.3.4. Drupal was aware of the flaw, … Read more
Rapid Account Verification Being Offered by New Twitter Credit Card Phishing Scam
Proofpoint, the cybersecurity firm, has confirmed that is has discovered a new Twitter credit card phishing scam. Users of the social media platform Twitter are being offered verified account status via native Twitter ads; the … Read more
Windows Dialog Box Mimicked By Newly Discovered Trojan Downloader
Dr. Web, a Russian antivirus firm has recently discovered a new Trojan downloader. The malware uses a popup Windows ‘Save As’ dialog box to install malicious payloads, which have thus far all been adware. The … Read more
SMB File Sharing Protocol Flaw Made Public Before Release of Patch
Details of a SMB file sharing protocol flaw in Windows have been made public some 12 days prior to the release of a patch by Microsoft. Laurent Gaffié, the researcher who published details of the … Read more
Investigation into Ransomware Infection Affecting 19,000 People
One of Highmark Blue Cross Blue Shield’s (Delaware) subcontractors has fallen victim to a ransomware infection and cyberattack that may have put private information relating to almost ninetenn thousand beneficiaries of employer-paid health plans at … Read more
Beware of Hoeflertext Warnings: Popups Used to Deliver Ransomware
Popup warnings of missing fonts, specifically the Hoeflertext font, are being used to infect users with malware. The Hoeflertext warnings appear as popups when users visit compromised websites using the Chrome or Firefox browsers. The … Read more
Healthcare and Education Sectors hit by Defray Ransomware
Defray ransomware is being used in targeted hacking campaigns on groups in the healthcare and education sectors. The new ransomware variant is being shared via email; however, in contrast to many ransomware campaigns, the emails … Read more
Result of 2017 Spam Study Show Most Malicious Messages Sent During Working Day
The busiest day of the week for email spam is typically Tuesday and cyber criminals focus on sending messages during the working day, Monday to Friday, according to a 2017 spam study completed by IBM … Read more
Locky Ransomware Spam Campaigns Discovered Sharing Two New Strains
Two new Locky ransomware spam campaigns have been witnessed this month, each being used to distribute a new variant of the cryptoransomware. The campaigns have started after a relatively quiet period for ransomware campaigns, although … Read more
What is the Cost of a Malware Attack? $300 Million for Maersk
The cost of a malware attack is difficult to predict. There are many factors that affect the cost. The type of malware, whether data were stolen, the extent of the infection, how easy it is … Read more
Diagnostics Website Flaw at ‘True Health’ Reveals Private Patient Information
Patients of the True Health Group have had their health reports exposed online due to a law in the True Health Diagnostics website. Moreover, the reports appear to have been viewable by other patients for … Read more
Majority of Malicious Messages Sent During Office Hours According to 2017 Spam Study
The most hectic day of the week for email spam is Tuesday and hackers focus on sharing messages during working hours, Monday to Friday, according to a 2017 spam study facilitated by IBM X-Force. The … Read more
Sentara Healthcare: Investigation into Data Breach
Sentara Healthcare is currently carrying out an investigation into a data breach affecting one of its 3rd-party vendors which allowed a number of patients’ protected health information to be accessed by an unauthorized person. Sentara … Read more
Victims Offered A Criminal Choice by “Popcorn Time” Ransomware
New methods of spreading ransomware are constantly being developed; however, a new ransomware variant discovered by MalwareHunterTeam researchers called “Popcorn Time” appears to use tactics that have never before been seen. When Popcorn Time ransomware … Read more
Molina Healthcare Patients’ Data Exposed by Portal Security Flaw
A security flaw in a patient portal has exposed information concerning patient claims. Claims information had previously been uploaded to the patient portal of Molina Healthcare, which is a managed care company based in Long … Read more
“Patch Tuesday”: Sixty-eight Microsoft Vulnerabilities Repaired
Patch Tuesday 2016: Microsoft has acted to fix 68 vulnerabilities including 6 that had been rated critical. The updates have been spread over fourteen security bulletins. The updates include fixes for 2 vulnerabilities that are … Read more
Victims Being Blackmailed by Newly Discovered Ransomware Variant
Proofpoint researchers have recently identified a previously unknown ransomware variant, known as “Ransoc”, which employs various techniques to extort money from its victims. As opposed to the encryption of a broad range of file types … Read more
Recent Discovery of Social Engineering Scam on LinkedIn
A new LinkedIn social engineering scam has been uncovered by researchers at Heimdal Security which tries to convince LinkedIn users to give their personal information. The attackers have been attempting to obtain access to users’ … Read more
Poor Patch Management Policies Result in Cyberattacks and Huge Settlement
The importance of implementing good patch management policies was clearly highlighted by the WannaCry ransomware attacks in May. The ransomware attacks were made possible due to poor patch management policies at hundreds of companies. The … Read more
Devastating Losses Inflicted by Ransomware Attacks on Small Businesses
Ransomware attacks on small businesses can have major consequences. Many small companies have little spare capital and certainly not enough to be doling out cash to cybercriminals, let alone enough to cover the cost of … Read more
Latest Business Email Compromise Scam Methods Revealed
Numerous email compromise tactics have for some time been in use by scammers to trick business executives into making fraudulent wire transfers. Recently, a Symantec security specialist has observed that some scammers have begun taking … Read more
Microsoft Security Bulletins to be discontinued In January 2017
If yours is one of many businesses which depend upon Microsoft Security Bulletins to remain informed about new patches and fixes to known vulnerabilities, you and your colleagues should prepare yourselves for an upcoming change … Read more
Federal Agencies Asked to Deploy DMARC to Stop Impersonation Campaigns
A U.S senator is asking the Department of Homeland Security and other federal agencies to implement DMARC to prevent impersonation attacks being conducted through email. In recent months, several government agencies have been focused on … Read more
Malicious Word Macros Responsible for Spreading MacOS Malware
According to IT Security researchers, MacOS malware is now being spread by malicious Word macros. This is the first occasion on which MacOS malware has been recognised as having been used to spread this attack … Read more
$28,000 Paid for Key following January Los Angeles Valley College Ransomware Attack
A ransomware attack on an LA Valley College on the 6th of January, 2017 lead to student data being locked and resulted in some 1,800 college staff – both administrators and teachers – being unable … Read more
OPM Data Breach Victims targetted by Locky Ransomware Campaign
The culprits responsible for Locky ransomware have begun using data obtained in the OPM data breaches of 2014 and 2015 in a new campaign designed to spread cryptoransomware. It remains unknown exactly how much data … Read more
Christmas Period Malware Infections Increase by more than 100% in 2016
Malware infections over the Christmas holiday period are something to be expected. Every year as the number of online shoppers increases, the number of Windows malware infections increases with them. Data from Enigma Software Group … Read more
Spam King Gets 30-Months Prison Sentence
The self-titled Spam King, Sandford Wallace, has been given a 30-month jail sentence in relation to a Facebook spam campaign carried out between November 2008 and February 2009. Wallace illegally gained access to around 550,000 … Read more
2017 US Data Breaches at Record Breaking Level
2017 US data breaches have reached a record high, jumping an incredible 29% year over year. The mid-year data breach report from the Identity Theft Resource Center (ITRC) and CyberScout shows there were 791 reported … Read more
