Friday, April 19, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Cybercrime & Hacking

ComputerWorld Independent 

WannaCry: Sometimes you can blame the victims

admin ,

Credit to Author: Ira Winkler| Date: Tue, 16 May 2017 05:46:00 -0700

The WannaCry ransomware attack has created at least tens of millions of dollars of damage, taken down hospitals, and as of the time of this writing, another round of attacks is considered imminent as people show up to work after the weekend. Of course, the perpetrators of the malware are to blame for all the damage and suffering that has resulted. It’s not right to blame the victims of a crime, right?

Well, actually, there are cases when victims have to shoulder a portion of the blame. They may not be criminally liable as accomplices in their own victimhood, but ask any insurance adjuster whether a person or institution has a responsibility to take adequate precautions against actions that are fairly predictable. A bank that leaves bags of cash on the sidewalk overnight instead of in a vault is going to have a hard time getting indemnified if those bags go missing.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

New WannaCry variant being monitored, DHS official says

admin , ,

Credit to Author: Matt Hamblen| Date: Mon, 15 May 2017 11:40:00 -0700

A variant of the WannaCry ransomware that emerged Monday has been able to infect some of the computers patched after the original malware struck last week, according to a top cyber official at the Department of Homeland Security (DHS).

“We’re working on how to address that [variant] and sharing as we can,” said the official who asked not to be named. The official did not say how many computers have been affected by the variant, other than to say “some.” The original WannaCry attack hit more than 200,000 computers starting Friday in more than 150 countries, UK officials said over the weekend.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

WikiLeaks posts user guides for CIA malware implants Assassin and AfterMidnight

admin , ,

Credit to Author: Darlene Storm| Date: Mon, 15 May 2017 11:25:00 -0700

The latest WikiLeaks release of CIA malware documentation was overshadowed by the WannaCry ransomware attack sweeping across the world on Friday.

WikiLeaks maintains that “Assassin” and “AfterMidnight” are two CIA “remote control and subversion malware systems” which target Windows. Both were created to spy on targets, send collected data back to the CIA and perform tasks specified by the CIA. Both are persistent and can be scheduled to autonomously uninstall on a specific date and time.

The leaked documents pertaining to the CIA malware frameworks included 2014 user’s guides for AfterMidnight, AlphaGremlin – an addon to AfterMidnight – and Assassin. When reading those, you learn about Gremlins, Octopus, The Gibson and other CIA-created systems and payloads.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Patching Windows XP against WannaCry ransomware

admin , , ,

Credit to Author: Michael Horowitz| Date: Sun, 14 May 2017 12:56:00 -0700

Microsoft just released a patch for Windows XP that fixes a file sharing flaw being exploited by the WannaCry ransomware. Here’s how to install it. 

You can download some versions of the patch using links at the bottom of this May 12th  Microsoft article: Customer Guidance for WannaCrypt attacks. The full list of patch variants, including languages other than English, is in the Windows Catalog, just search for KB4012598. Windows Update does not work on XP.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Schools in Alabama warn parents about Blue Whale ‘suicide game’ app

admin , ,

Credit to Author: Darlene Storm| Date: Wed, 10 May 2017 10:44:00 -0700

A “suicide game” presented in an app sounds like an urban legend or something from a horror flick, but unfortunately the “Blue Whale Challenge” is real. In fact, police and school districts have issued warnings about the app and even Instagram serves up a warning after searching for the #bluewhalechallenge.

blue whale challenge instagram message IDG

Vulnerable young people are the targets for Blue Whale. Once the app is downloaded onto a phone, it reportedly hacks the phone and harvests the user’s information. In the Blue Whale Challenge, a group administrator – also referenced as a mentor or master – gives a young person a task to complete each day for 50 days. If a person balks at the daily task, then the personal information which was stolen is used as a form of blackmail as in do this or else your private information will be released or your family threatened. The task on the last day is to commit suicide. This is supposedly winning the game.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Local cost of a Big Mac decides ransom amount for Fatboy ransomware

admin , ,

Credit to Author: Darlene Storm| Date: Mon, 08 May 2017 09:33:00 -0700

Location, location, location … you’ve heard it many times before but not when it comes to a ransomware deciding a ransom amount. Fatboy, a ransomware-as-a-service, is believed to be the first ransomware that automatically adjusts the ransom amount based on a victim’s location.

Just when you think you’ve heard every conceivable ransomware demand – not just ransoms paid in bitcoins or other cryptocurrencies like Monero, or paid in iTunes or Amazon gift cards, ransomware which costs nothing for decryption as long as you infect two other people, or even ransomware that demands a high score on a shooter game before decrypting drives – now there’s a ransomware that charges victims based on the Big Mac Index.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

Face it: Enterprise cyberattacks are going to happen

admin , ,

Credit to Author: Matt Hamblen| Date: Wed, 03 May 2017 11:00:00 -0700

There are now so many cyberattacks that many enterprises simply accept that hackers and bad actors will find ways to break into their systems.

A strategy some large businesses have developed over the past two years has been to quickly identify and isolate these attacks, possibly by shutting down part of a system or network so the hackers won’t get days or weeks to root around and grab sensitive corporate data.

This enterprise focus on rapid detection and response to various attacks on networks and computers doesn’t replace conventional security tools to prevent attacks. Instead, businesses are relying on both prevention software and detection software.

To read this article in full or to leave a comment, please click here

Read more
ComputerWorld Independent 

IDG Contributor Network: Using defense-in-depth to prevent self-inflicted cybersecurity wounds

admin ,

Credit to Author: Robert C. Covington| Date: Tue, 02 May 2017 07:32:00 -0700

This past week, I encountered an all too common situation — a user gets a targeted phishing attempt. Despite a strong training program, the user opens the attachment and gets infected with ransomware.

For many organizations, this would have resulted in a disaster. Ransomware would have encrypted files on any servers, and the organization would have been forced to either restore the files from a backup, assuming they had them, or to hold their nose and pay a ransom. 

The news was better, however, for the organization I mentioned above.

Fortunately, the premise of their security planning was that someone would eventually shoot them in the foot. With a security plan that assumed this, they had a depth of layered controls to help. While their anti-virus software did not prevent the infection, it did recognize and send an alert about it, after the fact. In the meantime, their web filtering appliances and their DNS service provider, recognizing the call from the infected PC to a command and control server to get an encryption key, blocked access. Since the ransomware client never got the key, it did not encrypt any files. The blocking of command and control access provided the extra time needed to get the PC pulled out of service and repaired. 

To read this article in full or to leave a comment, please click here

Read more