The Department of Health and Human services has issued a warning to healthcare providers to be on high alert for the SamSam strain of ransomware, which has been used to attack eight different health care entities so far this year. SamSam made its first appearance in 2016 and is seeing increasingly widespread use so far this year. Unfortunately, the healthcare industry is considered by most to be a soft target. On the Dark Web, healthcare data has become more highly sought after than credit … Read more
Some VW and Audi Cars May Be Hacked Through WiFi
Thanks to researchers Daan Keuper and Thijs Alkemade (who work at the Dutch cyber-security firm Computest), newly produced Golf GTE and Audi A3 vehicles are a little bit safer, and a lot less vulnerable to remote hacks. The duo found that by taking advantage of these vehicles' WiFi connection, they could access the cars' IVI, (in-vehicle infotainment system) and from there, gain access to other systems as well. The researchers had this to say about their work: "Under certain conditions, … Read more
Use Caution Traveling, Hackers Now Have Keys To Hotel Rooms
Score one for the good guys, but with hesitation. Unfortunately, in today's fast-moving digital world, even a victory doesn't mean the end of a problem. Recently, a pair of researchers (Tomi Tuominen and Timo Hirvonen of F-Secure) released information about a new hack they had discovered. It takes advantage of a critical security flaw in the magnetic VingCard locking systems used in hotel chains around the world. This particular system produced by Assa Abloy is deployed in more than 42,000 … Read more
Hackers Can Use PDF Files To Access Windows Credentials
Security researcher Assaf Baharav from Check Point Security has discovered a new twist on an old, fairly well-known attack. He was able to essentially "weaponize" PDFs to steal Windows credentials stored in NTLM hashes. Unfortunately, no action other than simply opening the PDF is required for the hacker to gain access to the information. Baharav used the same methodology that hackers have used in the past, which amounts to instantiating SMB requests from inside the document. Hackers have … Read more
WiFi Sync on iOS Vulnerable To TrustJacking
Owners of Apple devices have a new attack vector to worry about, called "TrustJacking." Symantec researchers recently stumbled across a pair of scenarios that take advantage of Wi-Fi syncing of various Apple devices. These are scenarios that also take advantage of the trust users have in the security of their own devices, allowing hackers to take complete control over those devices. The flaw is a consequence of the way that iTunes Wi-Fi Sync is designed. The vulnerability manifests when a … Read more
New Malware Takes Screenshots and Steals Your Passwords
Recently, a new strain of malware called "SquirtDanger" has been found by researchers at Palo Alto Networks Unit 42, and it's a particularly nasty one for a couple of reasons. First and foremost, the owner of the malware isn't orchestrating campaigns himself, but rather, selling his product as a commodity on the Dark Web. That has troubling implications because the malware is quite advanced, and since it's being sold to a broad cross-section of hackers, odds are excellent that it will be … Read more
Bank Employee Steals Info On Over A Million Customers
Atlanta-based SunTrust Bank is the 12th largest bank in the US. They have a major problem, and so do roughly a million and a half of its customers. According to CEO William Rogers, an unidentified employee of the firm printed a vast amount of private customer information, including their names, addresses, phone numbers and account balance information. Rogers stressed that social security numbers, account numbers, driver's license numbers, user IDs, and passwords were not exposed. In a … Read more
Researchers Find Major Vulnerabilities In Banking Apps
Do you do your banking online? If so, there's bad news in the form of a report recently released by the security firm "Positive Technologies." The company tested a variety of websites using a proprietary tool they developed in-house, which scans websites for security flaws. While flaws were found across a wide range of industries, literally every banking site Positive Technologies tested was found to have serious security flaws. The particulars varied from one bank to the next, but the … Read more
Major Server Ring Distributing Malware Taken Down
Score one for the good guys. A researcher from BrilliantIT was recently able to figure out how infected computers would connect to EITest's command and control server, and using that information, was able to bring down their entire network. If you haven't heard of EITest before, the true significance of that statement might not be registering. EITest first appeared in 2011. In its original incarnation, it was little more than an annoyance. It was a collection of compromised servers used … Read more
Hacked Routers Being Used To Spread Malware
Beware of compromised routers spreading malware. This is according to both Kaspersky Labs and a recently released government report. Using hacked routers to spread malware is nothing new. Security insiders have known about it for years. However, since 2008, the number of instances where routers are being used to push malicious code has been steadily increasing. Researchers are observing marked increases in their use by APTs (Advanced Persistent Threat) around the world. APTs are nothing … Read more
