Malware

Websites of eight US cities poisoned by malware skimming the credit card details of residents

Beware if you’re paying your bills for local government services – the payment information you type into that web form may be heading straight to cybercriminals.

Smashing Security podcast #185: Bieber fever, Roblox, and ransomware

Who’s been dressing Robox players up in red baseball caps? Which ransomware victim’s negotations got spied on by the media? And should Jason Bieber think twice before touching his hat? Oh, and we need to talk about squirrels…

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.

Watching a $1.14 million ransomware negotiation between hackers and scientists searching for COVID-19 treatments

An anonymous tip-off to BBC News enabled them to watch in real-time as an American medical university attempted to negotiate with the hackers who had infected its systems with ransomware.

The inside story of the Maersk NotPetya ransomware attack, from someone who was there

Gavin Ashton was an IT security guy working at Maersk at the time of it was hit hard by the NotPetya ransomware. Now he’s written an article about his experiences, and shares advice for others.

New Mac malware spreads disguised as Flash Player installer via Google search results

Apple Mac users are warned of a new in-the-wild malware threat which masquerades as an installer for Adobe Flash Player.

bitdefender.com

Credit-card skimming malware hit websites as Coronavirus lockdown forced retailers to close high street stores

On March 20th, the Claire’s accessories retail chain beloved by young girls around the world made the sensible decision to close all of its physical stores in response to the Coronavirus Covid-19 pandemic.

A nuisance for shoppers, certainly. But also an opportunity if you were a malicious hacker.

Read more in my article on the Bitdefender Business Insights blog.

bitdefender.com

Despite resolution not to give in to hackers’ ransom demands, some cities are still paying up after attacks

The City of Florence in northern Alabama has agreed to pay a ransom of US $300,000 worth of Bitcoin to hackers who compromised its computer systems and deployed ransomware.

And they’re not the only US city finding themselves dealing with the aftermath of a ransomware outbreak this week…

Read more in my article on the Hot for Security blog.

bitdefender.com

Microsoft warns of PonyFinal ransomware attacks

Malware experts at Microsoft have warned businesses to be on their guard against hackers plotting to plant the PonyFinal ransomware on compromised IT systems.

Read more in my article on the Hot for Security blog.

tripwire.com

NetWalker ransomware – what you need to know

The NetWalker gang are infecting corporations’ computer systems, encrypting and stealing data, and holding it to ransom.

And they’re looking for criminals to join their affiliate scheme.

Read more in my article on the Tripwire State of Security blog.

FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin

The FBI has issued a “flash alert” warning that hackers are planting Magecart-style credit card-skimming code on Magento-powered online stores running an out-of-date plugin.

The ProLock ransomware doesn’t tell you one important thing about decrypting your files

Have your computers been hit by the ProLock ransomware? You might want to read this before you pay any money to the criminals behind the attack.

An outbreak of Coronavirus trojans and scams

Recent weeks have seen a spate of scams and attacks associated with the Coronavirus pandemic, and there is little evidence of the end being in sight.

bitdefender.com

Could this be the world’s most harmless IoT botnet?

When researchers investigate suspected malware on an IoT device they normally expect to find a cryptominer to earn a hacker digital cash or perhaps botnet code to launch DDoS attacks against websites.

But that wasn’t the case with the Cereals botnet.

Read more in my article on the Bitdefender BOX blog.

Smashing Security podcast #177: Elon Musk, Roblox, and Love Bug author found

What can X Æ A-12 Musk teach us about passwords? How did our guest finally hunt down in Manila the author of one of history’s biggest virus outbreaks? And what on earth is a hacker doing breaching Roblox security?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Geoff White.

bitdefender.com

Kaiji – a new strain of IoT malware seizing control and launching DDoS attacks

Kaiji, a new botnet campaign, created from scratch rather than resting on the shoulders of those that went before it, is infecting Linux-based servers and IoT devices with the intention of launching distributed denial-of-service (DDoS) attacks.

Read more in my article on the Bitdefender BOX blog.

Tarkett floored by cyber attack

French flooring company Tarkett has revealed that it was hit by a cyber attack on April 29th, and that its operations continue to be disrupted as a result.