 |
Disaster as CryptoWall encrypts US firm's entire server installation
"Here is a tale of ransomware that will make your blood run cold," announced Stu Sjouwerman of security training firm KnowBe4 in a company newsletter this week and he wasn't exaggerating.One of his firm's customers contacted him on 14 October for advice on how to buy Bitcoins after all seven of its servers containing 75GB of data had been encrypted by a recent variant of the hated CryptoWall ransom Trojan.An admin had clicked on a phishing link which was bad enough. Unfortunately, the infected workstation had mapped drives and permissions to all seven servers and so CryptoWall had quickly jumped on to them to hand the anonymous professional a work day to forget.To read this article in full or to leave a comment, please click here Read More
Ebola crisis brings out another sickness: Vile scammers
Sadly we all knew it would happen, once the Ebola situation became international news, the contemptible fraud and scam artists would crawl out from under their rocks to exploit it.They have not disappointed.New York State Attorney General Eric Schneiderman and others this week noted a number of scams in the works: Consumer Reports published an article referencing a bogus e-mail solicitation offering a $29 "surplus protection kit" supposedly designed for emergency response teams and law enforcement agencies. The Federal Trade Commission has warned that there are no FDA-approved medical treatments for Ebola and that consumers should file complaints with the FTC and the FDA if they encounter a fraud. According to USA Today, at least three companies have been issued warnings by the Food and Drug Administration in the past month for selling bogus treatments, solutions, or therapies for Ebola. The FTC and FDA recently sent a warning letter to Natural Solutions Foundation, which sells supplements, putting it on notice that some of its claims around Ebola violate a number of federal laws. According to a report in Daily Finance, the Better Business Bureau's New York office has received complaints about fraudulent telephone solicitations involving a charity claiming to raise funds to help Ebola victims. There have also been reports of door-to-door frauds claiming to raise money for a Texas nurse who became infected with the disease. Better Business Bureau is warning consumers about a variety of Ebola-related scams and problematic fundraisers that have emerged recently. The AARP warned about online offers for an Ebola cure or special "natural" or "dietary" methods to alleviate or prevent symptoms; email scams with alarming messages like "Ebola update" or "Ebola Pandemic" which may include links that release computer viruses; sales of "personal protection kits" at low prices to provide supposed "infection defense"; charity scams claiming to help victims or fight the disease; and potential stock investment frauds involving companies that say they are involved in the development of products that will prevent the spread of viral diseases like Ebola. US-CERT reminded users to protect against email scams and cyber campaigns using the Ebola virus disease as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system. The FTC wrote that there are currently no FDA-approved vaccines or drugs to prevent or treat Ebola. "Although there are experimental Ebola vaccines and treatments under development, these are in the early stages of product development, have not yet been fully tested for safety or effectiveness, and the supply is very limited. There are no approved vaccines, drugs, or products specifically for Ebola available for purchase online or in stores. No dietary supplements can claim to prevent or cure Ebola, according to the supplements industry. If you've seen companies or products touting these claims, report them to the FTC and FDA."To read this article in full or to leave a comment, please click here Read More
Hacker group leader gets 24 months in federal prison for attacking US Navy, 50 other institutions
One of the two leaders of the hacking group known as Team Digi7al was sentenced to 24 months in federal prison today for his role in hacking the U.S. Navy, National Geospatial-Intelligence Agency, and over 50 public and private computer systems including the World Health Organization, the Los Alamos National Laboratory, Harvard , two police departments and the Department of Homeland Security, according to U.S. Attorney Danny C. Williams.+More on Network World: Gartner: IT careers – what's hot?+Daniel Trenton Krueger, 20, of Dix, Illinois, previously pleaded guilty before U.S. District Judge James H. Payne on May 20, and was initially charged in a single-count information on May 5, 2014. At the time of the hacking Krueger was a student, Williams stated.To read this article in full or to leave a comment, please click here Read More
The 'Backoff' malware linked to data breaches is spreading
The number of computers in North America infected by the Backoff malware, which is blamed for a string of payment card breaches, has risen sharply, according to research from network security company Damballa.The company detected a 57 percent increase between August and September in devices infected with Backoff, which scrapes a computer's RAM for leftover credit card data after a payment card has been swiped, said Brian Foster, Damballa's CTO.Damballa based its finding on data it collects from its ISP and enterprise customers, who use its traffic analysis products to detect malicious activity.Damballa sees about 55 percent of internet traffic from North America, including DNS requests, though for privacy reasons it doesn't know the IP addresses of most of those computers, Foster said.To read this article in full or to leave a comment, please click here Read More
US Justice Dept. focuses new squad on cybercrime combat
The threat and consequences of cybersecurity attacks today lead the US Department of Justice to reorganize in an effort to better battle the scourge.The changes announced by John Carlin, the Assistant Attorney General for National Security included the appointment of a new Principal Deputy Assistant Attorney General and a new Chief of Staff and Counselor, as well as the creation of a new Deputy Assistant Attorney General position to oversee DOJ's National Security Division's efforts to protect national assets, including its efforts to combat economic espionage, proliferation, and cyber-based national security threats. This position will oversee the work of the National Security Cyber Specialists (NSCS) Network, consisting of prosecutors in each of the U.S. Attorney's Offices who focus on cyber threats to the national security. To read this article in full or to leave a comment, please click here Read More
Cyberespionage group launches sophisticated phishing attacks against Outlook Web App users
A cyberespionage group has been using advanced spear-phishing techniques to steal email log-in credentials from the employees of military agencies, embassies, defense contractors and international media outlets that use Office 365's Outlook Web App.The group behind the attack campaign has been operating since at least 2007 according to researchers from Trend Micro, who published a research paper on Wednesday about the attacks they dubbed Operation Pawn Storm.The Pawn Storm attackers have used a variety of techniques over the years to compromise their targets, including spear-phishing emails with malicious Microsoft Office attachments that installed a backdoor-type malware program called SEDNIT or Sofacy, or selective exploits injected into compromised legitimate websites.To read this article in full or to leave a comment, please click here Read More
DNS is ubiquitous and it's easily abused to halt service or steal data
This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe. The global Domain Name System (DNS) is ubiquitous across the Internet. It's absolutely fundamental to the way we work. It's a whole lot easier to bring up a browser and type www.Google.com rather than try to remember its more complex address of http://74.125.224.72/.DNS is so important that we tend to regard it as Internet plumbing: it goes everywhere, it gets through all the firewalls and it's there when we need it—usually. Unfortunately, DNS also has the characteristic of being poorly secured, which can lead to all sorts of problems.To read this article in full or to leave a comment, please click here Read More
You are responsible for your own Internet privacy
Bill Clinton's run for presidency nearly derailed when rumors surfaced that he had smoked marijuana during his time in England. In an effort to control the damage, Clinton admitted that he indeed experimented with the illegal drug but "didn't inhale." Imagine how history might have changed if a video of a glassy-eyed Clinton with a joint between his lips had shown up on Youtube (which, of course, didn't exist at the time).MORE ON NETWORK WORLD: Free security tools you should try Flash forward two decades, there's no place to hide anymore, no privacy. Compromising photos and videos shared online, surveillance cameras catching stupid acts, regrettable blog posts written during rebellious, youthful days, asinine comments on Facebook and Twitter, all can be unearthed -- the Internet remembers everything -- and undermine a person's reputation.To read this article in full or to leave a comment, please click here Read More
2014 technology industry graveyard
Microsoft, Google, Intel, BlackBerry and others bid farewell to brands, projects and more. Read More
Facebook and Yahoo prevent use of recycled email addresses to hijack accounts
A new mechanism helps email servers determine if a message was intended for a recycled account's previous owner Read More
Akamai sees record-setting spikes in size and volume of DDoS attacks
The cloud services company detected 17 DDoS attacks in the third quarter that generated traffic of more than 100 Gbps Read More
15 of the scariest things hacked
From televisions to passenger planes, even the most unassuming device can, if accessed by the wrong people, be turned into something more sinister. Read More
Top 6 threats to iOS devices
Given the recent iOS update and iPhone announcement, a security group provides tips to fend off threats to your device. Read More
| |
No comments:
Post a Comment