Headlines

March 30, 2018 By PC Portal

Cyber News Rundown: Atlanta Ransomware Attack

The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

City of Atlanta Faces Ransomware Roadblock

In the past week, the city of Atlanta has been dealing with the aftermath of a ransomware attack that effectively halted the police department’s Special Operations Section, which monitors non-emergency city functions. In a surprising twist, however, the ransomware author’s contact portal was leaked through several media outlets, prompting the author to remove the portal entirely and leaving the city with no means of paying the ransom. While the city was able to quickly return to normal operations for most employees, the recovery process will likely be ongoing for some time.

Facebook’s Data Collection Larger Than First Thought

Over the past week or so, researchers have been taking a deeper look into the data being collected by Facebook, with or without users’ permission. It was revealed that, due to lax API permissions for the Facebook installation on older versions of Android, Facebook was allowed to gather both call and SMS logs without user opt-ins. For some, extensive details of calls made by users were meticulously stored for up to several years. Details included call duration, recipient, and the date and time of the call. While Facebook claims any stored data is deleted if the user chooses to revoke permissions, users have been able to download their own data after removing the app, as the opt-in feature is the default setting when installing Facebook for the first time.

UK Anti-Doping Agency Hit By Cyber Attack

Recently, the UK’s anti-doping agency was targeted by an attack attempting to access drug testing and medical records for athletes. A Russian hacking group is believed to be responsible, as the attack comes not long after a doping scandal that affected several Russian athletes. Fortunately, the anti-doping agency has confirmed that no data was compromised in the attack and a simple reboot of their servers was all the remediation necessary.

Facebook Boosting Bounty Hunter Program After Data Handling Debacle

Following the latest scandal regarding the misuse of user data by third-party apps, Facebook has begun a complete overhaul of their bug bounty hunter program. In addition, they are reworking the company’s app review system to better determine permissions needed by apps that request access to a user’s friends list. Finally, any apps running on the Facebook platform that have been found to misuse customer data will be permanently blocked from accessing the development platform.

Sanny Malware Receives Multi-Step Delivery System

While Sanny has been well known and documented for several years, a new update has completely changed the delivery method of the malware. By portioning out the steps in the attack, rather than deploying everything in one drop, Sanny is capable of bypassing any UAC prompts and making multiple checks for the operating system version. Once the malicious macro is launched from within the email attachment, it checks for the specific OS and begins downloading additional files to bypass any OS security checks and executes its final payload.

The post Cyber News Rundown: Atlanta Ransomware Attack appeared first on Webroot Threat Blog.

Filed Under: IT Security Tagged With: Headlines, ransomware, syndicated, Threat Lab

March 23, 2018 By PC Portal

Cyber News Rundown: Zenis Ransomware Deletes Backups

Zenis Ransomware Makes Resolution Problematic for Victims

Researchers recently discovered a new ransomware variant named Zenis that encrypts in the usual way, but, in a new twist, also deletes all available backups and event logs, and even disables startup repair. In a further departure from the norm, the ransom note doesn’t mention a specific price. Instead, the author requests that victims send the ransom note and another small file to various email addresses to verify that the ransomware author can decrypt them. The author then sends a final price, likely based on the types and quantity of files that will need to be decrypted. It’s still unclear how the variant is being distributed—possibly through RDP or spam emails.

Orbitz Suffers Major Data Breach

Travel site Orbitz has admitted to being the latest victim in a continuing trend of data breaches that affect hundreds of thousands of customers. In this case, the data for nearly 800,000 Orbitz customers was compromised, and the breach lasted from January 2016 until December of 2017. While officials are still working to determine the initial access point, they have discovered that the lost data included full payment info, as well as complete personal data for the company’s customers.

Fake Amazon Ad Achieves Top Position in Google Search Results

In the last several days, researchers found that the top search result for Amazon.com was actually fake and was redirecting anyone who clicked it to a fake tech support page that tried to scare the visitor into contacting Windows Support. Fortunately, Google worked quickly to remove the malicious link from its search results, and GoDaddy took down the domain within an hour of being notified.

Facebook Faces Backlash After Misuse of Sensitive Data

Facebook has announced that the personal data for nearly 50 million users had been illicitly obtained by a third-party analytics firm, which carefully maneuvered through Facebook’s Terms of Service to get data on more than just consenting users. While the data collection app was knowingly downloaded by 270,000 users, the app itself collected not only their data, but the personal data of their entire network of friends. Though Facebook removed the app in 2015 and demanded that the data be destroyed, the app’s creator ignored the request and continued using it for profit.

Celebrity Picture Contains Hidden Crypto-miner

Hackers have recently taken to using image files to distribute malware and other malicious content, as they are simple to reconfigure and difficult to detect. In the latest case, a picture of Scarlett Johansson contained functionality that executed shell commands on a user’s machine and mined Monero cryptocurrency. It had already acquired ~$90,000 worth of Monero by the time of discovery.

The post Cyber News Rundown: Zenis Ransomware Deletes Backups appeared first on Webroot Threat Blog.

Filed Under: IT Security Tagged With: Headlines, Privacy, ransomware, syndicated, Threat Lab

March 16, 2018 By PC Portal

Cyber News Rundown: Hackable Gas Stations

Global Gas Station Software Found Unsecured

Researchers have recently discovered a vulnerability that would allow anyone to remotely access thousands of gas stations from around the world. The vulnerability stems from these stations being connected to the Internet and can give a potential attacker control of gas prices, access to customer payment information, and even control over surveillance cameras. Unfortunately, due to the average age of the pumps in question and the preinstalled software also being outdated, it is unlikely that many of the machines will, or even can, be updated to protect against these vulnerabilities.

NHS Staff Ignoring Security Policies in Favor of Usability

In a recent survey of NHS professionals, it was found that nearly half are using non-approved messaging apps on a regular basis, rather than more secure channels, as they are quicker and easier to use. Even more alarming, a similar number were either completely unaware of their organization’s policies for safely transferring data or had not received any training on the subject. With data security becoming ever more necessary, the organizations that hold our most sensitive data should be held to an even higher standard, as typical consumers have little choice but to trust that they will keep it safe.

Fortnite Mobile Invite Scams Flood Market Prior to Launch

In the days preceding the launch of Fortnite’s Mobile iOS functionality, hundreds of users have taken to posting fake “invites” for sale throughout various social media sites. While the actual launch is still several days away, these invites have been offered for a variety of prices in hopes of finding someone eager enough to pay to play early.

AMD Chips Contain Critical Vulnerabilities

Over the last week or so, several critical flaws have been found within AMD processor chips that could be harmful, if exploited. While it would already require some administrative access to even begin using the vulnerabilities for harm, the exploit does allow unsigned, and possibly malicious, code to be uploaded to AMD’s Secure Processing Platform without performing any security checks. As these vulnerabilities are still being researched, the extent of their severity has yet to be fully decided.

Florida Virtual School Hit by Data Breach

Within the last few weeks, officials have been working to contact students, parents, and staff who may have been affected by a data breach that occurred sometime in the last year. While it is still unclear what sensitive data may have been compromised, identity and credit monitoring services are being provided to anyone who has been in the database over the two-year period when it was illicitly accessed.

The post Cyber News Rundown: Hackable Gas Stations appeared first on Webroot Threat Blog.

Filed Under: IT Security Tagged With: Headlines, syndicated, Threat Lab

March 9, 2018 By PC Portal

Cyber News Rundown: MoviePass App Tracks Your Every Move

MoviePass Subscription Service Tracks More Than Your Viewing Habits

The CEO of MoviePass recently revealed the full extent of its tracking functionality, which was originally thought to use your location to find a nearby theater. The application can track any user from their home to the theater, and then onward through the rest of their journey, keeping notes on businesses and restaurants the user may visit. While this data is said to only be used to help enhance the user’s evening, it does seem to be a massive breach of privacy given that there is nothing in the terms of service that mentions the full extent of the tracking.

Latest Crypto-Miner Introduces Kill List for Competitive Processes

A new cryptocurrency miner has recently been discovered that seems to have an edge over its competition: the ability to terminate conflicting processes to maintain control over the device’s processing power. While the use of a ‘kill list’ isn’t new to malware in general, this does seem to be the first program that uses it for mining purposes, rather than continuing to propagate.

MacOS Users Getting Browsing Security Update

Within the last week, Google has announced it will begin rolling out a new security feature for MacOS that will give Chrome users additional warnings when attempting to access malicious or compromised websites. While these features have been functional for Windows users for quite some time, it will begin implementing them for MacOS in April of this year. As Mac malware continues to proliferate, the necessity of these features grows right alongside it.

 

ComboJack Malware Targets Multiple Cryptocurrencies

Recently, researchers have spotted a new email spam campaign that downloads ComboJack, malware that seeks out several types of cryptocurrency wallet addresses currently stored on the device’s clipboard. By running endless checks on the clipboard for any cryptocurrency wallet address information, ComboJack will immediately replace any found address with one belonging to the attacker, while it continues to check for others.

School Employee W-2 Info Stolen in Phishing Scam

Officials have recently been contacting employees of an Alabama school district after a successful phishing attempt led to tax information being sent to a fake email address supposedly belonging to the superintendent of the district. The phishing scam affected at least 30 employees and has forced them to file their taxes manually, rather than electronically, as some returns had already been illicitly filed by the attacker.

The post Cyber News Rundown: MoviePass App Tracks Your Every Move appeared first on Webroot Threat Blog.

Filed Under: IT Security, MacOS Tagged With: cryptocurrency, Headlines, phishing, syndicated, Threat Lab

March 2, 2018 By PC Portal

Cyber News Rundown: A Wild Thanatos Appears!

Thanatos Ransomware Causing Major Damage for Victims

A new ransomware variant has recently appeared and is proving to be more troublesome than most that came before it. By using individual encryption keys for each file, which it does not save, decryption is nearly impossible, even after paying the relatively small ransom of $200. Thanatos is also the first ransomware to accept Bitcoin Cash as a payment method.

Cryptojacking Found on LA Times Site

Researchers have stumbled onto yet another unsecured Amazon AWS server running a cryptominer. This time, the LA Times’ Homicide Report is at fault. Initially, the researchers found that the widely-accessible server had public write access turned on, which they reported to the server’s owner. Unfortunately, the researchers weren’t the first to find the server, which is how the Monero miner was placed on a single, moderately trafficked site within the LA Times network.

UK School CCTV Feeds Popping Up on US Websites

Recently, surveillance videos from several UK schools made their way onto a US-based website that hosts unsecured camera footage from around the world. While the footage was mainly from the exterior of the schools, it still causes concern over the safety and privacy of the students the cameras are meant to protect. While the breach can be traced back to the camera manufacturers, who did not implement strong device security, responsibility also falls on the staff who set up the cameras in the first place. This news serves as a reminder to always take cybersecurity precautions and change manufacturer default settings.

Cryptocurrency Miner Packed with Annoying Adware

A new cryptocurrency miner named UpdateChecker has been making the rounds over the last few days. The program is distributed as a fake Flash Player update and comes with the bonus of ads that run at hour-long intervals. The malware itself is downloaded from fake Adobe update websites and will immediately begin optimizing itself for the local machine and checking for updates to its own files. Unfortunately for victims of UpdateChecker, it is rather troublesome to remove, as it will relaunch itself if you kill the process, and can restart the miner anytime you shut it off.

Apple Repair Center Generating Excessive Emergency Calls

Since late last year, emergency dispatchers and police departments in Sacramento County, California have received over 1,600 calls originating from a local Apple repair facility. The calls are likely from one of two devices Apple manufactures that can make emergency calls without a SIM card or service provider. While this isn’t the first case of Apple devices triggering hundreds of emergency calls, the company is working with local law enforcement agencies to find a resolution.

The post Cyber News Rundown: A Wild Thanatos Appears! appeared first on Webroot Threat Blog.

Filed Under: IT Security Tagged With: Headlines, ransomware, syndicated, Threat Lab
