Chinese Traders Charged With Trading on Information Stolen from Hacked Law Firms

The Securities and Exchange Commission (SEC) on Tuesday charged three Chinese men for trading on information stolen from two prominent New York-based law firms they hacked in 2014 and 2015.

The Securities and Exchange Commission (SEC) on Tuesday charged three Chinese men for trading on information stolen from two prominent New York-based law firms they hacked in 2014 and 2015.

Continue reading “Chinese Traders Charged With Trading on Information Stolen from Hacked Law Firms”

Destructive KillDisk Malware Turns Into Ransomware

A recently discovered variant of the KillDisk malware encrypts files and holds them for ransom instead of deleting them. Since KillDisk has been used in attacks aimed at industrial control systems (ICS), experts are concerned that threat actors may be bringing ransomware into the industrial domain.

A recently discovered variant of the KillDisk malware encrypts files and holds them for ransom instead of deleting them. Since KillDisk has been used in attacks aimed at industrial control systems (ICS), experts are concerned that threat actors may be bringing ransomware into the industrial domain.

Continue reading “Destructive KillDisk Malware Turns Into Ransomware”

Five New Year’s Resolutions for the InfoSec Community

This time every year I tell myself the same thing: “You’ve got to cut back on the drinking.” But I’m not about to listen to some weirdo who talks to himself.

This time every year I tell myself the same thing: “You’ve got to cut back on the drinking.” But I’m not about to listen to some weirdo who talks to himself. Yet, I want to make some kind of resolution! What’s left of the professional in me has some ideas about resolutions that we, as a security community, can make. Here are five.

Continue reading “Five New Year’s Resolutions for the InfoSec Community”

Three Ways To Defend Against Ransomware

Ransomware events quadrupled in 2016 with an average of 4,000 attacks occurring every day according to research from IBM Security. Adding to the pain are new varieties of ransomware that have continued to emerge and evolve using more sophisticated techniques.

Ransomware events quadrupled in 2016 with an average of 4,000 attacks occurring every day according to research from IBM Security. Adding to the pain are new varieties of ransomware that have continued to emerge and evolve using more sophisticated techniques. Kaspersky Lab found 62 new variants of ransomware in 2016, and we expect this trend to continue in 2017.

Continue reading “Three Ways To Defend Against Ransomware”

Critical RCE Flaw Patched in PHPMailer

The developers of PHPMailer have patched a critical vulnerability that can be exploited by a remote attacker for arbitrary code execution, a researcher said on Sunday.

With millions of installations, PHPMailer is considered the world’s most popular email creation and transfer class for PHP.

The developers of PHPMailer have patched a critical vulnerability that can be exploited by a remote attacker for arbitrary code execution, a researcher said on Sunday.

Continue reading “Critical RCE Flaw Patched in PHPMailer”

Don’t Fall For This Christmas Scam

In the last couple days before Christmas, people are frantically buying last-minute gifts.

But being harried sets you up to be the perfect hacking victim.

And the latest scam is preying on people using a seemingly innocuous tool — the wish list, employed by a range of stores including Amazon, Target, Walmart, Overstock, Toys R Us, and others.

In the last couple days before Christmas, people are frantically buying last-minute gifts.

Continue reading “Don’t Fall For This Christmas Scam”

Holiday-Themed Spam Campaigns Ramp Up

This time of the year, spam campaigns are increasingly adopting holiday themes to improve their malware distribution rate and steal users’ banking information or to trick victims into accessing fake online stores, security researchers warn.

This time of the year, spam campaigns are increasingly adopting holiday themes to improve their malware distribution rate and steal users’ banking information or to trick victims into accessing fake online stores, security researchers warn.

Continue reading “Holiday-Themed Spam Campaigns Ramp Up”

Phishers Adopt Malware Distribution-Like Tactics

A recently detected phishing campaign designed to steal credit card information employed a series of attack tactics previously associated with malware distribution, Proofpoint security researchers reveal.

The technique involves the distribution of a malicious document inside a .zip archive that is password-protected.

A recently detected phishing campaign designed to steal credit card information employed a series of attack tactics previously associated with malware distribution, Proofpoint security researchers reveal.

Continue reading “Phishers Adopt Malware Distribution-Like Tactics”

Defending Against The Rising Threat of “Non-malware” Attacks

Severe non-malware attacks and ransomware are the two stand-out malicious behaviors of 2016. When combined, as they have been with the PowerWare extortion, the attack can be both dangerous and difficult to detect.

Severe non-malware attacks and ransomware are the two stand-out malicious behaviors of 2016. When combined, as they have been with the PowerWare extortion, the attack can be both dangerous and difficult to detect.

Continue reading “Defending Against The Rising Threat of “Non-malware” Attacks”

Stolen Passwords Lead To Fraudulent Groupon Shopping Sprees

Groupon is a terrific way to discover new things to do and places to eat, and even score deals on merchandise. If your password habits aren’t the best it’s also a convenient way for fraudsters spend your hard-earned money.

Groupon is a terrific way to discover new things to do and places to eat, and even score deals on merchandise. If your password habits aren’t the best it’s also a convenient way for fraudsters spend your hard-earned money.

Continue reading “Stolen Passwords Lead To Fraudulent Groupon Shopping Sprees”