Tag Archives: Windows

10Fold- Security Never Sleeps- 179

‘NotPetya’ Hackers Demand $256,000 In Bitcoin To Cure Ransomware Victims

“One of the biggest attacks leaves many with a big bill”

Some of the largest industrial firms were infected by the ‘NotPetya’ ransomware, and those responsible are demanding 100 Bitcoin, or about $256,000, to decrypt the victims’ files. A post on Pastebin by an anonymous user said: “Send me 100 Bitcoins and you will get my private key to decrypt any harddisk (except boot disks).”

Fake WannaCry Ransomware Uses NotPetya’s Distribution System

“Distributed through the same channel”

The NotPetya malware was not the only malicious payload to make its way through M.E.Doc last week. A WannaCry variant that turned out to be a fake, FakeCry, was delivered by the same mechanism. Kaspersky found that FakeCry was delivered to M.E.Doc users on June 27th, the same day NotPetya spread. The security firm says it was run as ed.exe by the parent process ezvit.exe, which led Kaspersky to believe that it uses the same delivery system as NotPetya.

Android Ransomware Mimics WannaCry

“WannaCry interface similarities in SLocker”

Windows systems were hit last month by a ransomware whose interface mimicked the WannaCry malware. TrendMicro security researchers found that one of the first Android ransomware families to encrypt files in exchange for payment, SLocker, has had a major upgrade. SLocker has been seen before, but was offline for a while after its creator was arrested just days after its initial release.

CopyCat malware infected 14 million outdated Android devices

“Fraudulent ad revenue collected”

A new Android malware strain, dubbed CopyCat, has injected itself into over 14 million outdated devices globally. The malware hijacks applications to display fraudulent ads, according to Check Point researchers. On Thursday, the security firm claimed that most victims were in Asia, but over 280,000 U.S. devices were also affected. Google has been tracking the malicious software for the better part of two years, but third-party app downloads, phishing attacks, and other avenues make the infection difficult to contain.

Enjoy your read? Check out our other blogs and content here.

10Fold- Security Never Sleeps- 178

Windows 10 Is Getting A Clever New Way To Fight Off Ransomware

“New ability added to Windows Defender”

The built-in Windows anti-malware application has been outfitted with a new protective mechanism. ‘Controlled Folder Access’ allows only recognized, trustworthy devices and users to access the files in the folders for which you activate the feature.
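As an added example (not from the 10Fold post or from Microsoft), here is how a defender would roll the feature out with the Defender PowerShell module: audit first, build the allow list from the audit events, then enforce. The folder and application paths are constructed placeholders, and an elevated session on Windows 10 1709 or later is assumed.

```powershell
# Added example (not from the original post): configuring Windows Defender
# Controlled Folder Access with the Defender PowerShell module.
# Assumes an elevated PowerShell session on Windows 10 1709 or later.
# 'D:\Finance' and 'C:\Program Files\ExampleLOB\lob.exe' are constructed placeholders.

# 1. Start in audit mode: writes that *would* be blocked are only logged
#    (event ID 1124), so nothing breaks while the allow list is built.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect folders beyond the default user-profile locations.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Finance'

# 3. Allow a known line-of-business application that legitimately writes there.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\ExampleLOB\lob.exe'

# 4. Review what was audited (1124) or blocked (1123) before enforcing.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# 5. Enforce once every legitimate writer is on the allow list.
Set-MpPreference -EnableControlledFolderAccess Enabled

# Confirm the effective configuration.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications
```

Unsigned scripts and unusual tools that write to protected folders will show up in the audit events; add only those you can vouch for before switching to Enabled.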

Medicare data breach: Alan Tudge admits department unaware darknet vendor selling card details

“HS Minister concedes after investigation”

Alan Tudge, Australian Human Services Minister, now confirms that his department was unaware that a secretive Darknet vendor had obtained and begun selling Australian Medicare information on the web. The Guardian published an investigation Tuesday that revealed the operation, which had sold about 75 individuals’ records on an illegal product-auctioning site. Mr. Tudge has addressed the breach in a recent statement:

Decrypting the Motivations Behind NotPetya/ExPetr/GoldenEye

“Who and Why still largely unknown”

The most recent malware attack to rock Ukraine and others has left more questions than answers. Reaching at least 60 countries, the malware is now even taking on different names. Some researchers have dubbed it Petya, due to its similarities with the Petya malware seen previously. Others refute the relationship, leaving it categorized as NotPetya, GoldenEye, and more. Kaspersky Labs has found similarities with a modified version of Petya and has settled on ExPetr.

Zero-Day Found in Humax WiFi Router

“Vulnerable routers easily compromised”

Security mechanisms in the new HG-100R Humax WiFi router are apparently fragile enough to allow hackers remote access to sensitive information and administrative command control. Trustwave SpiderLabs researchers discovered the flaw in May, but repeated warnings to the manufacturer were allegedly met with silence.

Personal Details of 117,000 AA Shoppers Exposed

“15-million-member organization criticized for security faults”

The Automobile Association is the target of heavy criticism this week after news that a major data mishandling may have compromised the sensitive information of much of its membership base. A server misconfiguration exposed the data of at least 100,000 customers; however, the organization has downplayed the severity of the incident. The company posted the following message to customers on Monday:


10Fold- Security Never Sleeps- 175

GhostHook Attack Can Bypass Windows 10’s PatchGuard

“Newly discovered malware can hook kernel code”

CyberArk Security Labs has shown that Windows 10 systems protected by PatchGuard can be compromised. The protective program was designed to prevent rootkits and other malicious software from operating at kernel level on 64-bit versions of Windows. The attack technique, now dubbed GhostHook, can completely bypass PatchGuard as long as the cybercriminal already has a foothold in the system.

Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices

“Major flaws that are currently unfixable”

Design flaws in the devices used to track radiation levels in major public systems have been found to be exploitable. A shrewd cybercriminal could be capable of injecting fake radiation level readings, which concerns many security researchers.

Cloud Security and the RNC Leak

“Researchers take lessons from breach”

A misconfigured Amazon S3 bucket has led to a huge leak for the RNC networks. This could easily happen to other organizations that do not adopt adequate security measures.

Check Point says Fireball malware hit 250 million; Microsoft says no

“Microsoft contradicts Check Point statement”

Squabbles over the infection rate of Fireball have put Check Point and Microsoft in opposing positions. Check Point claimed that the China-based malware had affected over 250 million systems, which Microsoft denies. The firm countered the Check Point report with a statement of its own, claiming it has been tracking Fireball since 2015 and that the total count of infected systems is only about 40 million.

10Fold- Security Never Sleeps- 139

Windows SMB Zero-Day Exploit On The Loose

“As of now, no patch available”

US-CERT and many other organizations have been warning since Friday of a zero-day vulnerability in several versions of Microsoft Windows. The memory corruption bug gives hackers the ability to remotely crash and reboot a user’s system. The PoC code that allows for the exploitation has been released on GitHub and is publicly available for any cybercriminal to use.

InterContinental Confirms Breach at 12 Hotels

“Credit card vulnerabilities acknowledged”

The parent company of thousands of hotels has announced that at least 12 of its properties were affected by a breach of its servers, possibly allowing credit card information to be stolen from its customers. KrebsOnSecurity first reported the story over a month ago; however, InterContinental Hotels Group has only recently publicly acknowledged the incident.

29,000 taxpayers affected by W-2 scams

“IRS issues new warning amidst reports of compromised W-2 increases”

The newest warning advisory from the IRS coincides with additional plans that the agency has recently announced, including delays on refunds for early filings, among others, in an effort to combat identity theft and fraudulent activity. Employers have also been informed that the W-2 scam has moved to schools, nonprofits and tribal organizations.

Hacker hijacks thousands of publicly exposed printers to warn owners

“Rogue messages sent to prove a point about vulnerability of internet connected devices”

Recent research has shown that many connected printer models are vulnerable to attack, a point that a hacker known by the alias Stackoverflowin drove home on thousands of exposed devices. Stackoverflowin sent messages via the printers themselves that described the dangers of unsecured devices.

Polish Banks Hacked via Malware Coming from Financial Regulator

“Largest hack in the nation’s history”

Malware has been discovered on the servers of many Polish banks, seemingly installed via the Polish Financial Supervision Authority (KNF). The banking sector considers this an attack on the financial sector.

10Fold- Security Never Sleeps- 128

Here’s The Evidence Russia Hacked The Democratic National Committee

“More evidence found by Crowdstrike”

New Russian ties to the Democratic National Committee hacks have been observed by security researchers at Crowdstrike. One of the alleged telling signs is the maintenance of a hidden communication channel that allows for the continued theft of data after the initial breach, in the DNC’s case by Fancy Bear, using software consistent with Russian operatives.

Google’s new “Android Things” OS hopes to solve awful IoT security

“Hopes to encompass several Android vulnerabilities”

Developers can now build smart devices using Android APIs and Google Services, applying IoT elements to the typical Android development toolkit. Developers can also now use the Google Weave protocol to communicate between devices and with services such as Google Cloud Vision.

Typo led to Podesta email hack: report

“March email allegedly led to mass breach”

John Podesta, Hillary Clinton’s campaign manager, had reportedly responded to a fake Google password-reset email that his IT staff had reported was authentic. The data thefts that followed resulted in a large-scale smear on the candidate’s campaign and on Podesta’s reputation throughout the 2016 election cycle.

New Critical Fixes for Flash, MS Windows

“Patches to plug critical issues”

The new Adobe Flash Player patch fixes 17 serious security flaws currently being exploited by cyber criminals. Microsoft’s update addresses at least 42 issues reported over the last period in Windows and other software.


10Fold- Security Never Sleeps- 116

Website Security Flaw Places Millions at Risk

“Website Platform Wix.com Vulnerable to XSS bug”

Contrast Security research engineer Matt Austin has recently announced in a blog post a severe vulnerability that can be exploited by adding a single parameter to any site created with Wix.com. This means that over 87 million websites and their users are now in jeopardy of cyber-attacks due to an XSS bug that allows criminals to create a ‘worm.’ Such worms gain access to website functions and commandeer administrator accounts, essentially giving attackers full control over targeted websites.

Fake Flash Player App Targeting Banks, Social Media

“Malware running on Android devices drives increasing attacks”

A Trojan program has caused grave concern across the banking industries in both the United States and Europe. The malware is among the most advanced seen targeting banking applications, particularly because it can dodge SMS-based two-factor authentication with ease.

Windows Vista, IE8 Pose Huge Enterprise Threat

“Represents a threat to organizations whose users access company networks from insecure devices”

Duo Security has reported that over half of its customer base still runs Windows Vista or Windows XP on their devices, which are notoriously outdated and have a plethora of vulnerabilities. Many also use outdated versions of Internet Explorer and Google Chrome, which have also reached what is called “end-of-life status.” This means that these web browsers no longer receive security patches and are incredibly vulnerable to modern cyber-attacks.

Arizona Man Accused of Trying to Hack University Email

“Over 75 universities targeted”

Higher education campuses nationwide have seen hacking attempts on their email servers from the same attacker in recent weeks. The would-be hacker, Jonathan Powell, was arrested Wednesday and is now held for arraignment in Phoenix. Powell used his work computer to mine personal data from a New York school, which investigators used as evidence to track and hold him.

10Fold- Security Never Sleeps- 115

‘Serious’ Windows Vulnerability Found by Google

“Adobe has issued a fix; Windows has yet to issue its own patch”

Per Google’s new policy of publicly disclosing exploitable problems to the software creator, the firm has issued a public notice to Microsoft regarding sections of code that cyber criminals are capable of appropriating. The flaw, described as a “security sandbox escape,” bypasses cyber defense measures and allows malicious or dysfunctional programs to damage or collect sensitive information from the rest of the device. As of now, Adobe’s patch for this issue, released October 21st, has been successful at resolving the issue. Microsoft itself has offered no security fix yet.

New Malware for Mirai Botnet Observed

“Coded partially with Tsunami/Kaiten protocol”

A new strain of malware that specifically targets IoT vulnerabilities and converts the devices into ‘slaves’ has been released in the last few days by a collective of cybercriminals. ‘Linux/IRCTelnet’ is capable of conducting massive DDoS attacks using common IoT appliances such as DVRs, routers, lighting systems, and more, according to a research team at Malware Must Die.

Major ‘upgrade’ for Nymaim Malware

“Includes increased obfuscation and blacklisting software”

Verint researchers have observed several new events in which the infamous Nymaim malware has used new code-based phishing targets rather than its original drive-by-download approach. This particular strain of malicious software has been in circulation since 2013 and has consistently stayed ahead of threat researchers with various upgrades that give it a leg up on those studying it. With this advantage, attacks using the malware have risen, with over 63 percent more incidents observed over the last year.

UK commits £1.9B to Cyber Security, Many Firms Contracted

“Recent threats from international actors prompt concern”

Just over £1.9B has been committed to increasing British cyber security measures after threats against the United States were made in recent months. Giving new advantages to both defensive and offensive strategies, the new cyber defense plan will contract with both public and private firms to ensure top-of-the-line systems within the next few years.