Goldeneye Ransomware – the Petya/Mischa combo rebranded

From March 2016 we’ve observed the evolution of an interesting low-level ransomware, Petya – you can read about it here. The second version (green) Petya comes combined with another ransomware, packed in the same dropper – Mischa. The latter was deployed as an alternative payload: in case the dropper was run without administrator…

End the air gapping myth in critical infrastructure security

In an environment where we’re seeing increasing demand for connectivity between operational technology (OT) and IT, security teams have to dispel the air gapping myth to acknowledge that IT influences can exploit OT connections. The air gapping approach was used for a long time to prevent any impact on ICS systems. But it’s wishful thinking…

Zcash mining software covertly installed on victims’ machines

Software “mining” the recently established Zcash (ZEC) cryptocurrency is being foisted upon unsuspecting users, Kaspersky Lab warns. The actual software is not illegal, and not technically malware – it is meant to be used by individuals who are willing to dedicate their machine(s) and pay for the increased electricity usage that accompanies cryptocurrency mining.

Avoiding Threat Management Rookie Mistakes

What do a Finnish HVAC company and an American car dealership have in common? Both have been doing a poor job running their computer systems and, as a result, both experienced embarrassing threat management blunders. Valtia is the property manager of two apartment buildings in the city of Lappeenranta in eastern Finland. Meanwhile, the car…

Only 25% of Companies Equipped To Handle Data Breaches

Research by Tripwire on cybersecurity challenges reveals only 3% of organizations outsource security issues to experts. A survey by Tripwire has revealed that despite a hike in IT budgets, companies continue to struggle with cyber-security: just one quarter of respondents say they have the ability to handle data breaches.

Locky Variant Osiris Distributed via Excel Documents

The infamous Locky ransomware has once again switched to a new extension to append to encrypted files, but reverted to malicious Office documents for distribution, security researchers have discovered. The latest Locky variant is appending the .osiris extension to encrypted files, marking a switch from Norse mythology to Egyptian mythology. The change comes only…