Ever since WannaCry made it onto the front page of every newspaper and received a dedicated segment on twenty-four-hour news channels, every Friday since then another worm using the same exploit appeared. This past Friday was no different. On Friday, May 19, another worm using the same exploit as Wa
With much of the world still reeling from the WannaCry attack of last week, analysts and researchers have discovered a new threat. Researchers at Proofpoint discovered the threat on Monday this week that uses the same SMB exploit as WannaCry. The new threat, termed Adylkuzz, is not ransomware but ra
The Wake-up Call Microsoft has labeled the cyber wildfire called WannaCry a massive wake up call. By Saturday, May 13, it was reported that over 200,000 computers from over 100 countries had been infected with the ransomware in question. The speed at which WannaCry propagated was extraordinary, whi
Although not new news Microsoft’s recent Zero Day event which could have had mind numbingly bad consequences. That being said, Microsoft’s response is a great illustration of how the system should work. One must tip one’s hat to the response which has historically, and not just by Microsoft, been po
Last week Cisco’s research arm Talos confirmed that it had detected a Remote Access Trojan (RAT), which they have termed KONNI, that has attacked organizations associated with the Hermit Kingdom. It has also been confirmed that by Talos that the earliest of these attacks using the above-mentioned ma
As of the first of May 2017 a new version of the CryptoMix, or CryptFile2, ransomware has been detected. This new version uses the Wallet extension for encrypted files. Previously, the Wallet extension was used on Dharma/Crysis and Sanctions ransomware. This new version of CryptoMix is currently usi
Last year hackers were caught on camera using their smartphones to empty ATMs. The thieves stole $2.2 million USD before they fled the country. Nixdorf, the ATM maker, said three different strains of malware were found on the devices. Software on the smartphone enabled the malware. Security researc
Cross-Site Request Forgery (CSRF) is a hacking technique of getting a user who is logged into an application to execute certain commands while authenticated and logged in. The Magento shopping cart (version 2.1.6 and below) has a security issue that allows that. Magento has known about this for some
Threat Intelligence feeds are designed to provide real time updates on hostile domains, IP addresses, and active malware on the internet. These are two kinds of data feeds: free and paid. The idea with data feeds is you use those to block IP addresses and IP address ranges, domains with certain reg
Heimdal Security says the Rig Exploit Kit has been used to plant Cerber ransomware on domains ending with the .news suffix, including the shortened list shown below. (Cerber has the unique feature of talking to its victims.) An exploit kit is a set of tools developed by criminal gangs. They keep a