A security solution is supposed to bring you comfort and peace of mind—and most of all, keep you safe from this very sort of intrusion! If an incident like this has you feeling unsettled, don’t panic. Switch to VIPRE today for the highest-rated antivirus and anti-malware solution, headquartered right here in the United States, right now available for up to $35 off!*
Don’t be a victim. Bite back against malware—and foreign spies!—with VIPRE!
A report from Duo Security details a potentially systemic issue that leaves Mac computers susceptible to highly targeted and stealthy attacks.
The report shows Mac users who have updated to the latest operating system or downloaded the most recent security update may not be as secure as they originally thought.
Duo Security’s analysis of more than 73,000 Macs across various industries found the Extensible Firmware Interface (EFI) in many models was not receiving security updates that users thought they were getting. This left users susceptible to previously disclosed vulnerabilities such as Thunderstrike 2 and the recent WikiLeaks Vault 7 data dumps that detail attacks against firmware.
While Apple devices were the focus of the study, experts at the company told The Washington Post that Windows-based machines are even more likely to be at risk, because of the range of manufacturers involved in building PCs.
In 2015, Apple began bundling its software and firmware updates in an effort to ensure users automatically obtain the most current firmware security. This allowed Duo Security to analyze the state of Apple’s EFI security by looking at Mac updates over the past three years.
Duo Security’s key findings are:
Users running a version of the Mac OS that is older than the latest major release (High Sierra) likely have EFI firmware that has not received the latest fixes for known EFI issues. This means those systems can be software-secure but firmware-
On average, 4.2% of Macs were running an EFI firmware version that differed from the one they should have been running.
At least 16 models have never received any EFI firmware updates. The 21.5” iMac, released in late 2015, has the highest occurrence of incorrect EFI firmware with 43% of sampled systems running incorrect versions.
47 models capable of running 10.12, 10.11 or 10.10 did not have an EFI firmware patch addressing the Thunderstrike vulnerability. 31 models did not have an EFI firmware patch addressing the remote version of the vulnerability, Thunderstrike 2.
Two recent security updates issued by Apple (Security Update 2017-001 for 10.10 and 10.11) contained the wrong firmware with the update. This would indicate regression or a lag in quality assurance.
The National Cyber Security Awareness Month (NCSAM) was created in 2003 by the U.S. Department of Homeland Security and National Cyber Security Alliance to ensure everyone has the resources they need to stay safe and secure online. The goal of NCSAM is to increase the awareness of the ever-evolving cyber security landscape and bring attention to different measures people can take to keep their information protected.
The malware — a cryptocurrency miner — uses the EternalBlue NSA exploit to infect victims and the WMI (Windows Management Instrumentation) toolkit as a method to run commands on infected systems.
In addition, CoinMiner also runs in memory (fileless malware), and uses multiple layers of command and control servers to deploy the multitude of scripts and components it needs to infect victims.
All of these make a deadly mixture of features that spell trouble for outdated machines and systems running antivirus solutions not up to par with the latest infection techniques.
Developed by Chinese firm Igexin, the advertising SDK was found in over 500 apps that were uploaded on the official Google Play Store and had been downloaded over 100 million times across the Android ecosystem.
Investigation started after noticing suspicious API requests
Researchers say they got on the trail of the Igexin SDK after they noticed that known malware samples were being downloaded on clean smartphones after the device made a request to the Igexin API server.
Following months of investigation, researchers from mobile security firm Lookout discovered that Igexin developers were using the SDK's legitimate functions to send malicious commands to legitimate apps.
Based on the permissions the legitimate apps received from users during installation, Lookout says it observed the SDK collecting all sorts of data from users' devices, but mostly call logs.
In addition, the SDK also forcibly downloaded and ran code contained in large encrypted files. This code aided the malicious behavior.
The majority of organisations consider dealing with cyber threats, and ransomware in particular, as a high priority, but many lack confidence in their ability to respond to a successful attack.
These charts are from the results of a survey undertaken in the United Kingdom as part of a larger survey of organisations across the world on ransomware and other critical security issues. It was conducted with small to mid-sized businesses during June 2017, with individuals who are responsible for or knowledgeable about cyber security issues at 175 UK organisations.
The full report on the state of ransomware in the UK is available to download for free here.
The current method of distribution is via a spam email, which contains a Word document. Additional reports have stated that it is being distributed via the Neutrino Exploit Kit.
Note, the file name may be different for every email sent, but the file will always be a Word document.
If you open the email, you’ll see an alert by Word, which warns you that the document contains a macro. Macros allow users to “code” specific procedures into the document, to help automate or repeat specific tasks.
However, in the case of Locky, it is used to install the malware on the machine.
This is a screenshot of the actual macro that delivers Locky.
If you ignore the alert from Word and click Enable Content, Locky will scan your system for specific files and encrypt them, or modify them so that you cannot use them anymore unless you pay the ransom.
The files it encrypts are commonly found on end users’ machines, such as .doc, .csv, .pdf, .jpg, etc. However, what should be more concerning to enterprise customers is that it will also look for .SQL, .SQLiteDB, and .SQLite3 files, which are associated with databases. Additionally, it looks to encrypt encryption keys (.crt and .key).
Once the malware has been executed, the Desktop wallpaper may change, to show instructions on how to decrypt your files.
It will also drop text files that contain the same instructions on how to decrypt your files. These files are named _Locky_recover_instructions.txt.
The transaction is all too familiar for many of the other types of ransomware out there. The malware authors have you visit a website, hosted on the TOR network, to provide payment. For Locky, the current amount is .5 BTC, or the equivalent of $209.33.
Bitcoin site hxxps://6dtxgqam4crv6rr6.tor2web.org/728EF3F4A1802521
We’ve looked into the Bitcoin address, 151xDKSeevSsBYu4oeFczYSb5z7UPY35zv, but currently do not see any transactions.
PC Matic users should know that this malware is blocked, and cannot be executed on machines protected with Super Shield.
You can read additional information about Locky Ransomware here.
If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.
Most households now run networks of devices linked to the Internet, including computers, laptops, gaming devices, TVs, tablets, and smartphones that access wireless networks. To protect your home network and your family, you need to have the right tools in place and confidence that family members can use the Internet safely and securely.
The first step is to Keep a Clean Machine and make sure all of your Internet-enabled devices have the latest operating system, web browsers and security software. This includes mobile devices that access your wireless network.
A wireless network means connecting an Internet access point – such as a cable or DSL modem – to a wireless router. Going wireless is a convenient way to allow multiple devices to connect to the Internet from different areas of your home. However, unless you secure your router, you’re vulnerable to people accessing information on your computer, using your Internet service for free and potentially using your network to commit cybercrimes.
Here are ways to secure your wireless router:
Protect Yourself with these STOP. THINK. CONNECT. Tips:
See more at: https://staysafeonline.org/stay-safe-online/keep-a-clean-machine/securing-your-home-network