Blog

Android Trojan Performs DNS Hijacking Attacks against Wireless Routers

A new Android trojan targets wireless routers and performs DNS hijacking instead of attacking users directly. Kaspersky Lab found that the trojan, dubbed Trojan.AndroidOS.Switcher, generally adopts one of two disguises. The first facade (com.baidu.com) is a fake mobile client for the Chinese search engine Baidu. The second (com.snda.wifi) is a fake...

2016 Reflections on ICS Security

As the year draws to a close, it is time to reflect on 2016 and industrial control systems (ICS) security. Why ICS security? Because securing ICS should be everyone's concern. Consider the impact on this critical infrastructure and what it means to you. Impact Why? Your entertainment—watching movies on your TV or laptop,...

The Top 5 Scam Types of 2016

In a recent article, I discussed how HDDCryptor, Cerber, and eight other families dominated the ransomware scene in 2016. It was a good year for ransomware authors. But they weren't the only ones who closed out 2016 in the black. Scammers also made a killing off unsuspecting users. They did so partly because 2016 saw such a dramatic spike in scams....

Cerber Ransomware Spread by Nemucod in Pseudo-Darkleech Campaign

A pseudo-Darkleech campaign is exposing users to Nemucod malware that in turn downloads Cerber ransomware onto their machines. Heimdal's security evangelist Andra Zaharia found the campaign hinges on pseudo-Darkleech infections by which malicious actors compromise WordPress websites and inject code into core WP files. The code displays a malicious...

Defending Against Social Engineering

As John McAfee, founder of McAfee Antivirus, tells us: "Social engineering has become about 75% of an average hacker's toolkit, and for the most successful hackers, it reaches 90% or more." Breaching a firewall is hard; impersonating tech support over the telephone is easy. Few motivated hackers planning an attack on a target will try technical...

Tumblr Restores Service Following DDoS Attack

Tumblr is back up and running following a distributed denial-of-service (DDoS) attack that took the social media platform down for several hours. At approximately 15:15 EST on 22 December, online status tools reported the website was down. Tumblr confirmed as much on Twitter, saying some of its users were "experiencing latency affecting the...

The Rise of VR and Its Impending Security Risks

When virtual reality (VR) makes it big, what do we have to worry about when it comes to security? Until recently, locking down VR devices hasn’t been much of a concern, as the technology has only been a curiosity without much adoption… not a big target for hackers. For example, primitive and bulky prototype VR devices were being tested in labs as...

Once again, you can decrypt your CryptXXX ransomware files for free

Ransomware is a significant problem, there's no doubt about that. Time and time again, companies and individuals fall foul of malware that encrypts their data files and demands a ransom be paid for the elusive decryption key. But sometimes, just sometimes, the ransomware authors make mistakes. Because sometimes, ways are found to undo the damage...

Top 4 Tips for Purple Team Exercises

Purple Teaming is gaining a lot of momentum and popularity. Before delving deeper into some top tips for exercises, I thought I would reiterate that "Purple Team" is essentially a buzzword for getting the most out of a pentest / red team exercise. There's nothing complicated about it. Yes, it is a buzzword, but one that instantly helps everyone to...

7 Digital Security Lessons from Mr. Robot

I am going to put the spoiler warning right here in the first sentence: I am going to be talking about season two of Mr. Robot, and I'm not holding anything back. Read on if you have already watched it. If you haven't watched it, keep reading to see how life imitates art. And if not art, then at least a cable TV show. Those of you here at The State...

Lean and Mean! Alice Malware Designed Solely to Empty Safe of ATMs

A new malware family named Alice is lean, mean, and designed solely to empty the safe of ATMs. Researchers at the Tokyo-based security software company Trend Micro first discovered Alice in November 2016. It appears to have been in the wild since October 2014. Alice makes use of several evasive techniques to avoid detection. First, it follows the...

2016 Phishing Nightmare Stories

"'Twas the night before Christmas, when all through the house, not a creature was stirring, not even a mouse..." But you can bet your Inbox received at least one lump of coal in the form of a phishing email. That's right, the bad actors have been very naughty in 2016, delivering millions of fraudulent messages trying to entice trusting people to...

Infosec in Review: Security Professionals Look Back at 2016

2016 was an exciting year in information security. There were mega-breaches, tons of new malware strains, inventive phishing attacks, and laws dealing with digital security and privacy. Each of these instances brought the security community to where we are now: on the cusp of 2017. Even so, everything that happened in 2016 wasn't equally significant...

RansomFree Tool Helps Defend Windows PCs against Ransomware

A free tool called RansomFree that helps protect computers and servers running Windows against ransomware is now available for download. Boston security firm Cybereason developed its tool to respond to the evolution of ransomware, including the growing ability of crypto-malware to evade signature-based anti-virus solutions. As Cybereason Labs researcher Uri Sternfeld...

10 Security Tips for Linux Post-Install

Ask any geek and they'll tell you how fun it is to install Linux on a new machine. Whether you're trying out a new distro or installing an upgraded version, there is something cathartic about jumping on the Linux bandwagon and hacking away on a new system. Although Linux has a reputation for being more secure than Windows out of the box, there are still steps that need to be...

FBI Arrests Man for Using Xtreme DDoS-for-Hire Service

The Federal Bureau of Investigation (FBI) has arrested a man for renting out portions of the Xtreme DDoS-for-hire service to conduct distributed denial-of-service attacks. On 9 December, the FBI arrested and charged Sean Sharma, a 26-year-old graduate student at the University of Southern California, for launching a DDoS attack against the San...

What Will Protect Your Connected Car Against Hackers?

There are a lot of great benefits to a connected car like the new Toyota Highlander: increased integration, a more comfortable driving experience and personalized controls, just to name a few. However, with increased computing power comes increased risk that hackers could take control of a car remotely, causing it to speed up, turn off, or turn...

The Top 10 Ransomware Strains of 2016

2016 was a busy year for ransomware. Some samples targeted critical infrastructure, while others went after rival crypto-malware families. Some adopted new techniques to prey upon users, whereas others went offline entirely. Hundreds if not thousands of ransomware families now dominate the playing field. But they're not all created equal. Here are...

Man Arrested on Charges of Coordinating Hack against JPMorgan, Others

U.S. law enforcement has arrested a man on charges that he helped orchestrate hacking attacks against JPMorgan Chase and other financial institutions. On 14 December, FBI agents arrested Joshua Samuel Aaron, also known as "Mike Shields," at John F. Kennedy International Airport. BBC News reports that Aaron had been living in Russia as a fugitive. He...

Phishing Attack Uses Punycode to Try to Steal Office 365 Credentials

To represent text, the computing industry has long relied on the American Standard Code for Information Interchange (ASCII), a 7-bit encoding that assigns one of 128 numbers to each letter, digit, and special character. ASCII has no straightforward way to represent Unicode, the far larger set of characters and symbols which factor into the computing industry's...
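The attack described above works because a hostname built from Unicode look-alike letters is rendered by the mail client or browser in its Unicode form, while DNS and TLS only ever see the ASCII-compatible Punycode form (labels prefixed with xn--). The following is an added example, not code from the original post: it converts between the two forms with Python's built-in IDNA codec and flags hostnames whose labels mix scripts or use a script the organisation does not expect. The sample hostnames are constructed for the demonstration; none of them are from the campaign the post describes.

```python
"""Punycode / IDN homograph triage (added example; hostnames below are constructed)."""
import unicodedata


def to_ace(hostname: str) -> str:
    """Encode a Unicode hostname to its ASCII-compatible (Punycode) form.

    Uses the built-in IDNA 2003 codec: each label containing non-ASCII
    characters is Punycode-encoded and prefixed with 'xn--'; pure-ASCII
    labels pass through unchanged.
    """
    return hostname.encode("idna").decode("ascii")


def from_ace(hostname: str) -> str:
    """Decode xn-- labels back to the Unicode form a user would see on screen."""
    return hostname.encode("ascii").decode("idna")


def letter_scripts(label: str) -> set:
    """Return the Unicode scripts (LATIN, CYRILLIC, GREEK, ...) of the letters in a label.

    The script is taken from the first word of the character's Unicode name,
    e.g. 'CYRILLIC SMALL LETTER O' -> 'CYRILLIC'. Digits and hyphens are ignored.
    """
    return {
        unicodedata.name(ch, "UNKNOWN").split()[0]
        for ch in label
        if ch.isalpha()
    }


def is_homograph_risk(hostname: str, allowed_scripts=frozenset({"LATIN"})) -> bool:
    """Flag a hostname if any label mixes scripts or uses a script outside allowed_scripts.

    Accepts either the Unicode form or the xn-- form; the latter is decoded
    first so that a log entry or a Received header can be checked directly.
    """
    unicode_host = from_ace(hostname) if hostname.isascii() else hostname
    for label in unicode_host.split("."):
        scripts = letter_scripts(label)
        if len(scripts) > 1 or not scripts <= allowed_scripts:
            return True
    return False


# Constructed sample of link targets pulled from hypothetical phishing mails.
SAMPLE_HOSTS = [
    "login.microsoftonline.com",   # genuine, Latin-only
    "micr\u043esoft.com",          # Latin 'o' replaced with Cyrillic 'о' (U+043E)
    "p\u0430yp\u0430l.com",        # Cyrillic 'а' (U+0430) in place of Latin 'a'
    "\u0441\u0431\u0435\u0440\u0431\u0430\u043d\u043a.\u0440\u0444",  # all-Cyrillic, legitimate
]


def triage(hosts=SAMPLE_HOSTS, allowed_scripts=frozenset({"LATIN"})) -> list:
    """Return (unicode form, punycode form, flagged) for each hostname."""
    return [(h, to_ace(h), is_homograph_risk(h, allowed_scripts)) for h in hosts]


if __name__ == "__main__":
    for unicode_form, ace_form, flagged in triage():
        print(f"{'FLAG ' if flagged else 'ok   '}{unicode_form:32} -> {ace_form}")
```

Two caveats a practitioner should keep in mind. Python's built-in codec implements IDNA 2003, whereas current browsers and registries follow IDNA 2008 / UTS #46 (the third-party `idna` package), so a few characters map differently; for triage of mail and proxy logs the difference rarely matters, but do not use this codec to decide what a registrar will accept. Second, the all-Cyrillic entry is flagged only because the allowed script set is Latin; an organisation that legitimately receives mail pointing at Cyrillic domains should pass its own set, and a whole-label script check does not catch Latin-only confusables such as `rn` for `m` or `l` for `I`.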