Jeremy Kirk

Author Archives: Jeremy Kirk

With few options, companies increasingly yield to ransomware demands

Faced with few options, companies are increasingly giving in to cybercriminals who hold their data hostage and demand payment for its return, while law enforcement officials struggle to catch the nearly invisible perpetrators. The risks to organizations have become so severe that many simply pay their attackers to make them go away -- a strategy that may only embolden the crooks. It's a case of asymmetric electronic warfare. Ransomware, which encrypts files until a victim pays to have them unlocked, can be devastating to an organization. Barring an up-to-date backup, little can be done aside from paying the attackers to provide the decryption keys.

Adobe to issue emergency patch for Flash vulnerability

Adobe is working on an emergency patch for its Flash Player after reports that attackers are exploiting a critical flaw. The vulnerability, CVE-2016-1019, affects Flash Player version 21.0.0.197 on Windows, Mac, Linux and Chrome OS, according to an advisory published on Tuesday. The flaw is being actively exploited on Windows XP and 7 systems running Flash Player versions 20.0.0.306 and earlier. "Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system," it said. A patch could be released as soon as Thursday.

The latest Flash zero-day was used to spread Cerber ransomware

The latest zero-day vulnerability in Adobe Systems' Flash player has been used over the last few days to distribute ransomware called Cerber, email security vendor Proofpoint said. Adobe said it would patch the flaw, CVE-2016-1019, on Thursday. The vulnerability affects all versions of Flash Player on Windows, Mac, Linux and Chrome OS. Ryan Kalember, senior vice president of cybersecurity at Proofpoint, said his company detected an attack trying to exploit the flaw on Saturday. One of Proofpoint's customers received an email with a document that contained a malicious macro that led victims through a series of redirects that eventually reached an exploit kit.

Server software poses soft target for ransomware

An alternate method for infecting computers with ransomware signals a shift in tactics by cybercriminals that could put businesses at greater risk, according to Symantec. A type of ransomware called Samsam has been infecting organizations but is not installed in the usual way. "Samsam is another variant in a growing number of variants of ransomware, but what sets it apart from other ransomware is how it reaches its intended targets by way of unpatched server-side software," Symantec wrote. The perpetrators behind Samsam use a legitimate penetration tool called Jexboss to exploit servers running Red Hat's JBoss enterprise application server.

WhatsApp turns on end-to-end encryption

Facebook-owned WhatsApp has strengthened the encryption of its widely used instant messaging app, a development that in theory makes it harder for law enforcement to gain access to communications. WhatsApp's founders said Tuesday that the application now implements end-to-end encryption, which means only authorized users can decrypt messages. "The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to," Jan Koum and Brian Acton wrote in a blog post. "No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us."

Trump Hotels investigating possible payment card breach

The Trump Hotel Collection said on Monday it is working with the Secret Service and FBI to investigate a possible payment card breach, its second one in less than a year. The luxury hotel group is run by Republican presidential candidate Donald Trump and his family. "Like virtually every other company these days, we are routinely targeted by cyber terrorists whose only focus is to inflict harm on great American businesses," said Eric Trump, one of the candidate's sons, in an email statement. "We are committed to safeguarding all guests' personal information and will continue to do so vigilantly." News of the breach was first reported by computer security writer Brian Krebs, citing three unnamed sources in the financial sector.

CloudFlare aims to block fewer legitimate Tor users

CloudFlare is tweaking its systems to make it easier for legitimate Tor users to access websites that use its network to deliver content. Tor users have complained that CloudFlare-powered websites too frequently display CAPTCHAs, a security gate designed to stop automated web bots and abuse. CAPTCHAs are the squiggly text or puzzles you have to solve to prove you're a real human. The problem is that many computers employing Tor are engaged in abusive activity, resulting in CloudFlare displaying CAPTCHAs when it detects a computer using the Tor network. Legitimate Tor users thus have a poor browsing experience given the wide use of CloudFlare's CDN.

MedStar Health partially restores services after suspected ransomware attack

MedStar Health said Wednesday it is restoring computer systems following a cyberattack that reportedly involved file-encrypting malware. The not-for-profit organization, which runs 10 hospitals in the Washington, D.C., area, was hit with ransomware, the Baltimore Sun reported on Wednesday, citing two anonymous sources. MedStar Health officials could not be immediately reached for comment. The organization issued two statements Wednesday, but did not describe what type of malware infected its systems. It said in one statement that its IT team has worked continuously to restore access to three main clinical systems. It said no patient data or associate data was compromised.

CNBC just collected your password and shared it with marketers

CNBC inadvertently exposed people's passwords after it ran an article Tuesday that ironically was intended to promote secure password practices. The story was removed from CNBC's website shortly after it ran following a flurry of criticism from security experts. Vice's Motherboard posted a link to the archived version. Embedded within the story was a tool in which people could enter their passwords. The tool would then evaluate a password and estimate how long it would take to crack it. A note said the tool was for "entertainment and educational purposes" and would not store the passwords. That turned out not to be accurate, and the tool had other problems as well.

Large US healthcare provider’s network shut down by malware

A large healthcare provider in the Washington, D.C., area said it has resorted to paper transactions after malware crippled part of its network early Monday. MedStar Health, a not-for-profit that runs 10 hospitals, said its clinical facilities were functioning and that it did not appear data had been compromised. The malware prevented "certain users from logging into our system." "MedStar acted quickly to prevent the virus from spreading throughout the organization," it said in a statement posted on Facebook. "We are working with our IT and cybersecurity partners to fully assess and address the situation."

FireEye says hackers are racing to compromise POS systems

Cybercriminals are redoubling efforts to steal payment card details from retailers before new defenses are put in place, according to FireEye. More than a dozen types of malware were found last year that target point-of-sale systems, the electronic cash registers that process payments at many retailers. Over the last few years, hackers have successfully breached the systems, targeting weaknesses or software vulnerabilities in order to extract card details to sell on the black market. As of last October, retailers are liable for fraudulent transactions that are not completed using EMV payment cards, which have a microchip and enhanced security defenses that better shield card data.

Firmware bug in CCTV software may have given POS hackers a foothold

A researcher with RSA says faulty firmware found in security cameras sold by at least 70 vendors may be a contributor to many of the credit card breaches that have proved costly to retailers. Rotem Kerner based his research on a paper RSA published in December 2014 into a malware nicknamed Backoff, which steals payment card details processed by point-of-sale systems. The U.S. Secret Service and Department of Homeland Security warned in August 2014 that upwards of 1,000 U.S. businesses may have been infected with Backoff.

This bag of tricks may help stop a Locky ransomware infection

A malware researcher has found a few tricks to stop one of the latest types of ransomware, called Locky, from infecting a computer without using any security programs. Ransomware is malware that encrypts a computer's files. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in bitcoin. Locky is a relative newcomer to the ransomware scene, which computer security researchers first saw over the last few months. It is primarily distributed through spam messages that try to trick people into opening attachments, such as fake invoices.
