Tech support scammers abuse bug in HTML5 to freeze computers
One of the primary vectors for the distribution of tech support scams is malvertising. You’ll simply be browsing the web when all of a sudden your browser shows a scary page claiming your computer is infected. Behind the scenes, an unscrupulous ad network usually lets a malicious actor push a malicious code snippet instead of…
Android Trojan targets customers of 94 banks in US, Europe
If you/ve recently installed a Flash Player Android app and now almost every app you open asks you for your payment card details, you’ve been infected with a banking Trojan. It is unclear where the fake, malicious Flash Player can be downloaded from, but it’s likely one or more third-party apps stores popular around the…
Google Adwords Malvertising Campaign Targets Apple Macs
Apple Mac owners using the Google search engine may have been infected via malicious ads at the tip-top of their search results last week after attackers launched a malvertising campaign against Google Adwords. In an act of gumption or plain cheek, the attackers’ malicious lure of choice was a phony ad for one of Google’s…
U.S. Should Strike Back at Cyberattackers: Report
The US government and private sector should strike back against hackers to counter cyber-attacks aimed at stealing data and disrupting important computer networks, a policy report said Monday. A panel of experts assembled by the George Washington University Center for Cyber and Homeland Security said policies should be eased to allow “active defense” measures that…
Healthcare industry is the bullseye for hackers in 2017
Healthcare is the most cyber attacked industry according to the 2016 IBM X-Force Cyber Security Intelligence Index. In the same report just a year ago — when financial services held the top spot — healthcare wasn’t even in the top six. The IBM report states that more than 100 million patient records globally were breached last…
How To Build A Strong Security Awareness Program
At the Security Awareness Summit this August in San Francisco, a video clip was shown that highlights the need to develop holistic security awareness. The segment showed an employee being interviewed as a subject matter expert in his office cubicle. Unfortunately, all his usernames and passwords were on sticky notes behind him, facing the camera…
Let’s Clean Up The Internet By Taking Responsibility For Our Actions
Someone has to clean the house, shovel the walk, and mow the lawn. As we grow to adulthood, we realize that this person is us. We either do it ourselves, or we have to earn enough to pay someone else to do it. The Internet has reached a point where we need to take responsibility…
Was the Dyn DDoS attack actually a script kiddie v. PSN?
The massive DDoS attack that disrupted the internet address-lookup service Dyn last week was perhaps pulled off by a script kiddie targeting PlayStation Network and using Mirai malware to assemble a massive IoT botnet, according to research by Flashpoint. “Flashpoint assesses with moderate confidence that the most recent Mirai attacks are likely connected to the…
7 Scary Ransomware Families
As the season of evil witches, ghosts, goblins, and ghouls approaches, it’s time to be on guard. But security managers face scary prospects year-round, especially as new strains of ransomware escalate. And ransomware variants are getting more pervasive – and creepier – than ever. The FBI says that from Jan. 1, 2016 to June 30,…
Black Hat Europe 2016 S: How Artificial Intelligence Will Liberate Security
T. Kuhn’s The Structure of Scientific Revolution outlined an episodic model in which periods of “normal science” were interrupted by periods of “revolutionary science.” It challenges us as a society to consider new paradigms, to change the rules of the game, our standards and our best practices. The advent of applied Artificial Intelligence (AI), also…