22/08/17

  12:45:00 pm by Admin, Categories: News, Security, Virus - Ransomware - Spyware, Tags: malware, security

A new malware family detected under the name of CoinMiner is causing users and security firms alike loads of problems, being hard to stop or detect due to the combination of various unique features.

The malware — a cryptocurrency miner — uses the EternalBlue NSA exploit to infect victims and the WMI (Windows Management Instrumentation) toolkit as a method to run commands on infected systems.

In addition, CoinMiner also runs in memory (fileless malware), and uses multiple layers of command and control servers to deploy the multitude of scripts and components it needs to infect victims.

All of these make a deadly mixture of features that spell trouble for outdated machines and systems running antivirus solutions not up to par with the latest infection techniques.

Avoid getting infected with CoinMiner by disabling SMBv1...


  12:37:00 pm by Admin, Categories: News, Security, Android 101

An advertising software development kit (SDK) embedded in many legitimate apps has been secretly siphoning user data and sending it to the servers of a Chinese company.

Developed by Chinese firm Igexin, the advertising SDK was found in over 500 apps that were uploaded on the official Google Play Store and had been downloaded over 100 million times across the Android ecosystem.

Investigation started after noticing suspicious API requests

Researchers say they got on the trail of the Igexin SDK after they noticed that known malware samples were being downloaded on clean smartphones after the device made a request to the Igexin API server.
Following months of investigation, researchers from mobile security firm Lookout discovered that Igexin developers were using legitimate SDK functions to send malicious commands to legitimate apps.

Based on the permissions the legitimate apps received from users during installation, Lookout says it observed the SDK collecting all sorts of data from users' devices, but mostly call logs.

In addition, the SDK also forcibly downloaded and ran code contained in large encrypted files. This code aided the malicious behavior.

16/08/17

  10:43:00 am by Admin, Categories: Security

The cyber security threat is unquestionably growing more serious over time. The impact of attacks on businesses can be devastating, and for many, the source remains unknown: as many as 35% of attacks on UK-based organisations are from an unknown source.

The majority of organisations consider dealing with cyber threats, and ransomware in particular, as a high priority, but many lack confidence in their ability to respond to a successful attack.

These charts are from the results of a survey undertaken in the United Kingdom as part of a larger survey of organisations across the world on ransomware and other critical security issues. It was conducted with small to mid-sized businesses during June 2017, with individuals who are responsible for or knowledgeable about cyber security issues at 175 UK organisations.

The full report on the state of ransomware in the UK is available to download for free here.

29/02/16

  05:21:00 pm by Admin, Categories: News, Security, Virus - Ransomware - Spyware

Recent reports have indicated that the actors behind Dridex, originally a banking Trojan distributor, have switched tactics, and are now heavily pushing out a new ransomware called Locky.

The current method of distribution is via a spam email, which contains a Word document. Additional reports have stated that it is being distributed via the Neutrino Exploit Kit.

Note, the file name may be different for every email sent, but the file will always be a Word document.

If you open the email, you’ll see an alert by Word, which warns you that the document contains a macro. Macros allow users to “code” specific procedures into the document, to help automate or repeat specific tasks.


19/02/16

  08:40:00 pm by Admin, Categories: News, Security

This is an update to a previous alert sent from Action Fraud in November 2015.

Fraudsters are setting up high specification websites advertising various electrical goods and domestic appliances. These goods are below market value and do not exist. The website will state you can pay via card; however when the purchaser goes to pay, this option is not available and the payment must be made via bank transfer.

The fraudster entices the purchaser and reassures them it is a legitimate purchase by using the widely recognised Trusted Shop Trustmark. They then use the Trustmark fraudulently and provide a link on the bogus electrical website to another bogus website (which purports to be Trusted Shops). This website shows a fake certificate purporting to be from Trusted Shops and provides thousands of reviews for the bogus electrical website. These reviews are all fraudulent. The website has not been certified by Trusted Shops and therefore the purchaser is not covered by the Trusted Shop money-back guarantee.

Protect yourself:

  • Check the authenticity of the website before making any purchases. Conduct a ‘Whois’ search on the website, which will identify when the website was created. Be wary of newly formed domains. You can conduct this search using the following website: https://who.is/
  • Conduct online research in relation to the website, company name and the business address provided to identify any poor feedback or possible irregularities.
  • Check the Trusted Shops Facebook page where warnings about websites using their Trustmark are published. If you are in doubt about the legitimacy of a Trustmark then you can contact Trusted Shops on 0203 364 5906 or by email service@trustedshops.co.uk. They will confirm whether they have certified that website.
  • Payments made via bank transfer are not protected should you not receive the item. Therefore always try to make the payment via PayPal or a credit card where you have some payment cover should you not receive your product.
  • If the item advertised seems too good to be true, then it probably is.  


If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.
