Category Archives: Latest Security News

Ransomware Attack Targeted Data Intelligence Firm Verint

Bad actors used a ransomware attack to target the Israeli offices of the customer engagement and digital intelligence company Verint. On 17 April, ZDNet received a screenshot taken by an employee who works at one of Verint’s Israeli offices. The screenshot shows what appears to be a warning message which the data intelligence firm displayed […]

The post Ransomware Attack Targeted Data Intelligence Firm Verint appeared first on The State of Security.

Navicent Health Discloses Data Breach as the Result of a Digital Attack

Navicent Health, a part of Central Georgia Health System, has disclosed that it suffered a data breach as the result of a digital attack. The second-largest hospital in Georgia and the only regional Level I Trauma Center, Navicent Health explains in a data breach notice that it learned of a digital attack involving some of […]

Spear Phishing Campaign Targeted Ukraine Government Entities

Researchers observed bad actors using a spear phishing campaign to target government entities in Ukraine including military departments. In the beginning of 2019, FireEye Threat Intelligence analyzed an email sent out as part of this campaign. The email used “SPEC-20T-MK2-000-ISS-4.10-09-2018-STANDARD” as its subject line. It also spoofed the sender address so that it appeared to […]

RobbinHood Ransomware Demands Grow $10K Per Day after Fourth Day

The ransom demands imposed by the new “RobbinHood” ransomware family increase $10,000 each day beginning on the fourth day following encryption. The creators of RobbinHood appear to be aiming their attacks at entire networks. When they’ve gained access to a target, they use their ransomware to encrypt as many computers as possible. They then drop […]

MuddyWater Group Using Spam Campaign to Hijack Victims’ Computers

The MuddyWater threat group is using a spam campaign to hijack victims’ computers and steal sensitive information. Discovered by Heimdal Security in early April, the campaign begins when malicious actors use social engineering techniques to trick a user into opening a malicious Microsoft Office document attached to a phishing email. The document contains VBA […]

TRITON Framework Leveraged at a Second Critical Infrastructure Facility

Researchers have discovered that malicious actors leveraged the TRITON framework at a second critical infrastructure facility. In this particular attack, the threat actor maintained access to the target corporate networks for nearly a year before gaining access to the Safety Instrumented System (SIS) engineering workstation. They remained relatively quiet all the while as they worked […]

AeroGrow Discloses Data Breach of Customers’ Payment Card Information

Indoor gardening system manufacturer AeroGrow has disclosed a data breach that involved customers’ payment card information. In a sample data breach notice obtained by the Office of Attorney General for the State of California, AeroGrow senior vice president of finance and accounting Grey H. Gibbs explains that the company learned of the security incident on […]

Planetary Ransomware Victims Can Now Recover Their Files for Free

Security researchers have released a decryptor that enables victims of the Planetary ransomware family to recover their files for free. Released by Emsisoft, this decryptor requires a victim to have a copy of the ransom note. It’s not hard to find. Planetary ransomware, which earns its name for its use of planet-related file extensions including […]

Bayer Reveals Its Detection and Containment of Digital Attack

German multinational pharmaceutical and life sciences company Bayer AG has revealed that it detected and contained a digital attack. As reported by Reuters, Bayer discovered the installation of malicious software on its systems in early 2018. It then quietly monitored and analyzed the malware through the end of March 2019. Ultimately, it removed the threat […]

Georgia Tech Data Breach Potentially Exposed 1.3M Users’ Personal Data

A data breach at the Georgia Institute of Technology, better known as Georgia Tech, potentially exposed the personal data of as many as 1.3 million users. On 2 April, the public research university published a statement on its website in which it revealed that an unknown actor had gained unauthorized access to one of its […]

Malware Actors Using New File Hosting Service to Launch Attacks

Bad actors are leveraging a new file hosting service in order to launch attack campaigns involving FormBook and other malware. Near the end of March, researchers at Deep Instinct observed a new FormBook attack. The infection chain for this campaign began with a phishing email that contains a malicious attachment. In the sample analyzed by […]

Google Introduces New 2-Step Verification Options for G Suite Accounts

Google has introduced new methods, an updated user interface and other changes through which 2-step verification (2SV) will work for G Suite accounts. On 26 March, Google announced three changes that will affect admins and end users of G Suite customers when they use 2SV going forward. The first change concerns updated user interfaces for […]

Ransomware Hit Garage Used by Canadian Internet Registration Authority

A parking garage used by employees of the Canadian Internet Registration Authority (CIRA) suffered a ransomware infection. At the end of their morning commute on 27 March, employees of CIRA arrived at a parking garage maintained by Precise Parklink. The garage typically uses Precise Parklink’s “Automated Parking Revenue Control System” to verify visitors by scanning […]

Popular Web Browser’s Hidden Ability Threatens 500M Google Play Users

A popular web browser’s hidden ability poses a serious risk to more than 500 million Google Play users and their Android devices. Malware analysts at Doctor Web recently observed that UC Browser, a web browser developed by the Alibaba-owned Chinese mobile Internet company UCWeb, can secretly download and execute new libraries and modules from third-party […]

Coding Error Could Enable Users to Halt LockerGoga Ransomware

Users could potentially use a coding error in some variants of LockerGoga to halt the ransomware’s encryption routine in its tracks. In its analysis of LockerGoga, Alert Logic Threat Research found that the ransomware performs an initial reconnaissance scan through which it collects file lists once it’s infected a machine. The malware may come in […]

FEMA Improperly Shared 2.3 Million Hurricane Survivors’ PII with Contractor

The U.S. Federal Emergency Management Agency (FEMA) improperly shared the personally identifiable information (PII) of 2.3 million hurricane and disaster survivors with a contractor. The Department of Homeland Security’s Office of Inspector General (DHS OIG) detected FEMA’s violation while auditing the agency’s Transitional Sheltering Assistance (TSA) program, a framework for temporarily sheltering individuals displaced by […]

NC County Government Suffers Third Ransomware Infection in 6 Years

A county government in North Carolina has suffered a ransomware infection for the third time in the past six years. According to a statement published on its website, the Orange County government observed on 18 March that a virus had infected its network. It responded by shutting down all servers, which rendered public computers at […]

Headquarters of Police Federation Suffered Ransomware Infection

The Police Federation of England and Wales (PFEW) suffered a ransomware infection in which crypto-malware affected several systems at its headquarters. According to a statement posted about the security incident, the law enforcement association’s security systems sent out an alert at 19:00 local time on 9 March. PFEW’s security teams looked into the alert and […]

‘Bad Tidings’ Phishing Campaign Targeting Saudi Government Agencies

An ongoing phishing campaign code-named “Bad Tidings” has been targeting several Kingdom of Saudi Arabia government agencies for years. Researchers at Anomali Labs first detected the Bad Tidings campaign back in November 2016. Since then, the operation has targeted four government agencies in Saudi Arabia: the Ministry of Labor and Social Development, the Ministry of […]

New Sextortion Scam Tries to Scare Users with Fake CIA Investigation

Extortionists have launched a new sextortion scam campaign that leverages a fake Central Intelligence Agency (CIA) investigation to try to scare users. In an email I obtained from a wary user, the scammers pose as a fake CIA technical collection officer named Roxana Mackay. This character claims in the email that she’s found the user’s […]

Spam Campaign Uses Recent Boeing 737 Max Crashes to Push Malware

A spam campaign is using two recent crashes involving Boeing 737 Max aircraft to distribute malware to unsuspecting users. Discovered by 360 Threat Intelligence Center, a research division of 360 Enterprise Security Group, the campaign sends out attack emails that come from “info@isgec.com” with the subject line “Fwd: Airlines plane crash Boeing 737 Max 8.” […]

Attackers Sending Fake Copyright Infringement Notices to Instagram Users

Digital attackers are targeting high-profile Instagram users with fake copyright infringement notifications in a bid to hijack their accounts. Detected by Kaspersky Lab, this scheme begins when an Instagram influencer receives an email notification informing them that their “account will be permanently deleted for copyright infringement.” The email notice looks official in that it uses […]

Attackers Sending Out Fake CDC Flu Warnings to Distribute GandCrab

Digital attackers are sending out fake flu warnings that appear to come from the U.S. Center for Disease Control (CDC) in order to distribute GandCrab ransomware. An attack begins when a user receives a fake CDC email. The sender field claims that the email came from “Centers for Disease Control and Prevention.” But a closer […]

Kathmandu Notifies Customers of Security Incident Involving Its Website

Outdoor apparel and equipment retail chain Kathmandu said it’s in the process of notifying customers about a security incident involving its website. On 13 March, Kathmandu released a notification disclosing how the company became aware of the security incident between 8 January and 12 February. At some point during that time, an unauthorized third party […]

New Sextortion Scam Says Adult Sites Infected Victims with Malware

A new sextortion scam is informing victims that their computers suffered a malware infection after they visited an adult website. In this latest ruse, digital criminals claim that they infected a user with malware after they visited a child pornography website. They then say that they leveraged that infection to capture compromising video footage of […]

STOP Ransomware Variant Installing Azorult Infostealer

A variant of the STOP ransomware family is downloading the Azorult infostealer onto victims’ machines as part of its infection process. Security researcher Michael Gillespie was the first to detect this malicious activity. While testing some of the crypto-malware family’s newer variants, he noticed that some of them were creating traffic indicative of Azorult. Aside […]

Vulnerabilities in Two Smart Car Alarm Systems Affected 3M Vehicles

Two smart car alarm systems suffered from critical security vulnerabilities that affected upwards of three million vehicles globally. Researchers at Pen Test Partners independently assessed the security of products developed by Viper and Pandora, two of the world’s largest and most well-known vendors of smart car alarms. With both systems, they found insecure direct object […]

Various Membership Plans Offered by Jokeroo Ransomware-as-a-Service

The Jokeroo ransomware-as-a-service (RaaS) offers various membership plans through which would-be digital criminals can become affiliates. In his analysis of the ransomware-as-a-service, Bleeping Computer creator and owner Lawrence Abrams found that Jokeroo differs from similar platforms in that it offers at least three different membership tiers. These levels, he observed, attract would-be digital attackers using […]

New CryptoMix Clop Ransomware Variant Claims to Target Networks

A new variant of the CryptoMix Clop ransomware family claims to target entire networks instead of individual users’ machines. Security researcher MalwareHunterTeam discovered the variant near the end of February 2019. In their analysis of the threat, they noticed that the ransomware came equipped with more email addresses than previous versions of CryptoMix Clop. They […]