PoS Malware Hits Avanti Payment Kiosks
Micro markets solutions provider Avanti Markets has informed customers that their personal, payment card and biometric data may have been stolen by cybercriminals who managed to infect some of its kiosks with malware. According to the company, which serves 1.6 million customers across 46 U.S. states, the malware was designed to harvest information such as…
Russia Jails Head of Notorious Hacker Group
A Moscow court on Thursday jailed the leader of a notorious hacking group for two years for breaking into the accounts of high-ranking Russian officials. Vladimir Anikeyev headed the Shaltai Boltai collective — Russian for “Humpty Dumpty” — believed to be behind high-profile hacks, including into the Twitter account of Prime Minister Dmitry Medvedev. Anikeyev…
Rising information security threats, and what to do about them
The digital threat landscape faced by enterprises large and small is in perpetual flux, and keeping an eye on things and adapting defenses should be of primary importance to every CISO. According to Ziv Mador, VP of Security Research at Trustwave’s SpiderLabs, the current major and, unfortunately, rising threats are ransomware, CEO email attacks (BEC scams),…
The Law of Unintended Outbreak – Who Is at Risk from Petya?
Hot on the heels of the global WannaCry outbreak in May, yesterday saw a wave of what looked like copycat malware sweeping the globe again. However, on closer inspection there may more to this than meets the eye, more than a simple new variant of an already established ransomware borrowing propagation techniques from WannaCry. The…
Video Game Firms Targeted With “Paranoid” PlugX Malware
Companies in the video game industry and possibly other sectors have been targeted in attacks involving improved variants of the notorious PlugX remote access trojan (RAT). Palo Alto Networks has spotted several interesting PlugX samples believed to have been used by the same threat actor. While the company has not provided any details on the…
Something’s phishy: How to detect phishing attempts
Dear you, It appears you need to update your information. Click here to tell us all your secrets. No really, it’s totally safe. We’re not going to steal your identity, we swear. If only phishing attempts were that obvious. Instead, these days it’s hard to tell a phish apart from a foul, if you catch…
With ransomware, pay up if you want to keep paying
A hospital CEO is contacted in the middle of the night with a dire warning. Hackers have taken control of computer systems used for patient care, CT scans, and lab work. The hacker wants money. Rather than pay the ransom, the hospital CEO enlists several experts to try to break back into the system. It…
WannaCry? You’re Not Alone: The 5 Stages of Security Grief
When it comes to securing the enterprise, the attackers have the advantage. Defenders are required to protect against every conceivable threat while the attacker needs only a single attack vector to penetrate a network. The universe of potential intrusion vectors is vast: faulty authentication mechanisms, gaps in the perimeter network, legacy applications, and, of course,…
Honda Halts Production at Japan Plant After Cyber Attacks
Honda said Wednesday it had temporarily halted production at a plant in Japan after it suffered a cyberattack from the same ransomware that struck hundreds of thousands of computers worldwide last month. The Japanese automaker said it had shut its plant in Sayama, near Tokyo, on Monday after discovering its computer system was infected with…
Understanding Looming Threats and the Need to Hunt With Anonymity
Situational awareness is critical in every kind of engagement. The internet is no exception. Effectively all modern conflicts take place, at least in part, online. To understand the threats you will inevitably face, you need to go hunting outside your perimeter. Only by surreptitiously monitoring and engaging with potential attackers and malware developers will you…