It’s been discovered that the infamous Emotet Trojan has resurfaced with a new capability – it can check IPs on infected machines to see if malicious email senders are on spam lists, allowing hackers to send malware from an email address that’s guaranteed to get through. This is further proof that organisations need to be bolstering defenses as hackers continue to find ways to slip through the net of traditional AV and detection-based tools. Expert Comments below: Fraser Kyne, EMEA CTO at Bromium: “The Emotet Banking Trojan is one of the most notorious pieces of malware in the wild, so its return comes as…
ISBuzz Team
Whilst the future use and viability of Cryptocurrencies may still be up for debate, the influence Bitcoin (the most famous cryptocurrency) has had on the market is clear – with its valuation peaking at just shy of $20,000 in December 2017. In fact, the global market for Blockchain (the technology that underpins bitcoin) is anticipated to reach a valuation of $60.7 billion in 2024. Clearly there is still much interest in the transparent ledger system. And as new forms of Cryptocurrency arise, it comes as no surprise that hackers have swiftly followed, aiming to make money from this rising trend in…
A new Magecart attack aimed at French advertising agency Adverline has been discovered by RiskIQ. This new Magecart attack steals customer credit card details by compromising a content delivery network for ads so that any website loading the script from the ad agency’s ad tag would also be loading the digital skimmer at the same time. Experts Comments below: Mike Bittner, Digital Security and Operations Manager at The Media Trust: “This new malware strain is just one more indication of how sophisticated and organized bad actors have become. It has not only affected the French ad agency, but at least…
A security researcher discovered more than 772 million unique email addresses and over 21 million unique passwords were posted to a hacking forum. The data dump showcases the importance of having strong, unique passwords for every account. Expert Comments Below: Sandor Palfy, CTO at LastPass: “This Collection #1 data dump is yet another example indicating the importance of practicing good password behavior. Despite the fact that weak, reused and compromised passwords are the cause behind many breaches, people continue to display pretty risky password behavior. In fact, in our recent Psychology of Passwords survey we found that 91% knew…
Security researchers testing web hosting security have found at least one client-side vulnerability in all the platforms that were tested, with some allowing account takeover when the victim clicks a link or visits a malicious website. Websites hosted on Bluehost, Dreamhost, HostGator, OVH, or iPage were tested. Expert Comments below. Javvad Malik, Security Advocate at AlienVault: “The nature of software is such that nothing will ever be perfectly secure, and that includes web hosting. Companies should approach web hosting in the same way they would approach any third party or cloud provider. This includes having a thorough due diligence process to…
A new Bitcoin scam has surfaced and appears to be delivered mostly via email by exploiting weaknesses in Hotmail or Live mail accounts. Victims receive a legitimate-looking email that will usually mimic an email they are expecting to receive, making the scam seem even more real. A link in the email redirects the victim either to an extremely genuine-looking BBC news webpage or simply to a page asking for a password. Martin Jartelius, CSO at Outpost24: “This is traditional phishing. The BBC is not to blame, and already by reaching out with information, they are doing plenty. Users should stay…
Hackers have been found to be impersonating HR staff to gain employee credentials to access employee payroll accounts and banking details. Expert Comments below: Felix Rosbach, Product Manager at comforte AG: “Here we have yet another example of how easy it is to steal someone’s identity – given there are no countermeasures in place. The reason for this is simple: most hackers aren’t geniuses, but neither is the average employee. We’re only human after all. Sometimes we make mistakes. Sometimes we get complacent or distracted and, unfortunately, our tendency to slip up every once in a while leaves us open to exploitation. That’s why…
Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information as well as enabling them to purchase virtual in-game currency using the victim’s payment card details. The vulnerability would also have allowed for a massive invasion of privacy as an attacker could listen to in-game chatter as well as surrounding sounds and conversations within the victim’s home or other location of play. Experts Comments below: Sam Curry, Chief Security Officer at Cybereason: ‘Tens of…
Today it has been reported that the largest collection of breached data has been discovered in a popular hacking forum. The 87Gb of data discovered by security researcher Troy Hunt contains 770m email addresses and passwords. Experts Comments below: Ed Macnair, CEO at CensorNet: “Following data breaches, it’s common to find stolen details up for sale on the internet as it’s a hugely lucrative business, but the size of this haul is staggering. Although, this was probably always going to happen as enterprising criminals have got pretty good at streamlining their processes. “Credential theft has been the leading cause of data…
Following a short period of low activity during the holiday, Emotet operators are back, using malicious email campaigns to distribute a new strain of their payload that carries new tricks. The bursts of messages target users speaking different languages, luring them into opening an attached document laced with code that pulls in and installs the malware. The malware is under constant development and this new variant can check if the recipient’s/victim’s IP address is blacklisted or on a spam list maintained by services like Spamhaus, SpamCop, or SORBS. “This could allow attackers to deliver more emails to users’ inboxes without any…
