Number of HTTPS phishing sites triples

When, in January 2017, Mozilla and Google made Firefox and Chrome flag HTTP login pages as insecure, the intent was to make phishing pages easier to recognize, as well as push more website owners towards deploying HTTPS. But while the latter aim was achieved, and the number of phishing sites making use of HTTPS has…

NSA Tools Behind WannaCry Being Used In Even Bigger Attack Campaign

Attackers have been using NSAs EternalBlue and Double Pulsar to distribute AdylKuzz cryptocurrency malware to hundreds of thousands of systems, Proofpoint says. The WannaCry ransomware outbreak this week garnered widespread attention for its sheer global scope and audacity but another likely even bigger attack leveraging the same stolen NSA exploits has been going on unnoticed…

3 in 5 companies expect to be breached in 2017

New research found that of the 50 percent who reported being breached in 2016, the average material impact to the business was $4 million. Vanson Bourne interviewed 600 senior IT decision-makers at organisations with at least 1,000 employees across Australia, France, Germany, Italy, the United Kingdom and the United States.

How Basic Endpoint Patching Helps Protect Against Ransomware and Other Attacks

On Friday, a group of unknown threat actors carried out one of the largest cyberattacks of its kind, which infected hundreds of thousands of computers in 150 countries. The ransomware, known as WannaCry, exploits a Microsoft Windows OS vulnerability that was patched in Microsoft’s Security Bulletin two months ago. The universal advice was straightforward: Update…

Ransomworm: The birth of a monster

The last few weeks have seen two substantial attacks: one massive phishing attack that leveraged Google Apps and which tricked recipients to give OAuth access to their email accounts, and a large-scale ransomware attack that blanketed almost 100 countries a week later. Now, consider the likely marriage of these two attacks, and the monster that…

Who are we kidding? WannaCry is not a first

On Friday, May 12, 2017, the world was alarmed to discover that cybercrime has reached a new record, in a widespread ransomware attack dubbed WannaCry that is believed to have caused the biggest attack of its kind ever recorded. The details of the attack are all being reported as we go, as security teams scramble…

WannaCry: What you need to know

The unprecedented outbreak of Trojan ransomware WannaCry has created a worldwide plague affecting home users and businesses. We have already posted some basics about WannaCry, and in this post we will provide further advice particularly for businesses. It is urgent and critical to know what WannaCry is, how it spreads, what dangers it poses, and…

Apple issues security updates for macOS, iDevices

It’s time to patch your Mac, iDevices and software again: Apple has released security updates for MacOS (all the way back to Yosemite), iOS, watchOS, tvOS, iTunes, iCloud for Windows, and Safari. The iTunes and iCloud for Windows updates fix one vulnerability in WebKit each. But both of these are critical, as they can be…

WannaCry: Are you safe?

A few days ago saw the beginning of the Trojan encryptor WannaCry outbreak. It appears to be pandemic — a global epidemic. We counted more than 45,000 cases of the attack in just one day, but the true number is much higher. What happened? Several large organizations reported an infection simultaneously. Among them were several…

Microsoft to governments: Stop hoarding vulnerabilities

Microsoft is full of surprises lately: first they issued patches for unsupported versions of Windows, then they publicly criticized the NSA for hoarding knowledge about critical software vulnerabilities (and exploits for them). “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers…