Nastiest Malware 2023
Help each other out of non-Webroot technical jams and discuss tech-related stuff in general.
December 23, 2019 By Catalin Cimpanu The Russian government announced on Monday that it concluded a series of tests during which it successfully disconnected the country from the worldwide internet. The tests were carried out over multiple days, starting last week, and involved Russian government agencies, local internet service providers, and local Russian internet companies. The goal was to test if the country's national internet infrastructure -- known inside Russia as RuNet -- could function without access to the global DNS system and the external internet. Full Article.
With Symantec pulling back from their commitment to the channel, Webroot is poised and ready to fill the void. We already outperform their endpoint security in a number of third-party testing metrics and now we’re ready to step up for customers looking to make the switch from Symantec to Webroot.
Beta 4 of MacOS Catalina 10.15.2 Released for Testing Dec 6, 2019 Apple has released the fourth beta version of MacOS Catalina 10.15.2 for Mac users involved in the beta testing programs. MacOS 10.15.2 Catalina presumably focuses on bug fixes and improvements to the latest Mac operating system, perhaps addressing some of the issues and problems with Catalina that have been reported by some users. There does not appear to be any major new changes or features introduced in MacOS Catalina 10.15.2 beta so far. Full Article
January 20, 2020 By Catalin Cimpanu Password management service LastPass is currently going through a major outage as users are reporting being unable to log into their accounts and autofill passwords, with some users reporting issues going back for days. User reports about login issues have been flooding Twitter, but also the company's forum, Reddit, and DownDetector. Users are reporting receiving the following error when trying to log in: "An error has occurred while contacting the LastPass server. Please try again later." Both home and enterprise users are impacted. Full Article.
A lesson here for all those who like IOT devices. Under Armour is making a pile of pricey devices into so many useless bricks. Kate Cox - 1/21/2020 Any smart device comes with its own set of benefits and trade-offs, but there's one huge shoe waiting to drop with every single one of them: anything you connect can be disconnected at the other end, and there's absolutely nothing you the consumer can do about it. Today's example of smart stuff going dumb comes courtesy of Under Armour, which is effectively rendering its fitness hardware line very expensive paperweights. The company quietly pulled its UA Record app from both Google Play and Apple's App Store on New Year's Eve. In an announcement dated sometime around January 8, Under Armour said that not only has the app been removed from all app stores, but the company is no longer providing customer support or bug fixes for the software, which will completely stop working as of March 31. Full Article.
December 31, 2019 By Pierluigi Paganini Exit scam – Bad news for Grey Market users, one of its administrators revealed that another administrator had emptied the cold storage wallets. According to one of the admins of the Grey Market marketplace one of the admins, ‘theiving‘, has stolen all the users’ funds the platform stored for the escrow service. “ you can mark Market as scam exited and ban all our official accounts” reads the message published by the Market admin. During the last week, the black marketplace was often unreachable before going completely offline. Full Article.
VMware wants to add Nyansa's AI and machine learning capabilities to its security and network portfolio January 22, 2020 By Dev Kundaliya VMware is to acquire network analytics software firm Nyansa in a bid to bolster its flagship SD-WAN by VeloCloud platform. The deal is expected to close in VMware's first quarter of its fiscal year 2021 - the quarter to the end of April 2020 - subject to customary closing conditions. Financial terms of the deal were not disclosed. VMware wants to add Nyansa's artificial intelligence (AI) and machine learning capabilities to its existing security and network portfolio. The added capabilities will help customers operate and troubleshoot the Virtual Cloud Network, while also strengthening VMware's ability to offer "self-healing networks", the company said. Full Article.
Paradise Ransomware Spreading Through Unusual Attachments While Paradise ransomware isn’t new to the scene, the latest methods it is using to spread have been a bit surprising. Though it still transmits over email, it offers up an IQY attachment instead of a typical word document or excel spreadsheet. These attachments can make a quick connection to a malicious URL and begin downloading the actual ransomware payload. What makes these so much more dangerous is that they appear to be a simple text file with no internal malicious code, just commands for retrieving it, so it isn’t typically picked up by most security services. https://www.bleepingcomputer.com/news/security/paradise-ransomware-distributed-via-uncommon-spam-attachment/ Malicious Coronavirus Mapping Apps Spreading More than Misinformation Many malware authors have been capitalizing on the recent coronavirus (COVID-19) epidemic through phishing campaigns and newly renamed ransomware variants. Their latest efforts have
Webroot is happy to announce the release of our Internal Security Training Courses! We’d love to hear from you about these courses once you’ve completed the training. What security gaps do you find to be challenging to attend to? What techniques do you use to bolster your network security? Got network security tips? Share your expertise with the community! Let us know in the comments below!
Maze Ransomware Targets Multiple French Industries At least five French law firms and a construction corporation have all fallen victim to the Maze ransomware variant, which is known for quickly ex-filtrating sensitive information. The Maze authors have also announced they will begin releasing the stolen data if the victims refuse to pay the ransom. Even though only two of the law firms have had their data posted so far, it is only a matter of time before the remaining firms are exposed and the entirety of the stolen data is released. Furthermore, with this type of ransomware attack, the attackers have been known to demand a doubled ransom payment to cover both the decryption key for the files and the supposed permanent deletion from the attacker’s end. Though if this type of payment isn’t made, the data has been known to be posted on Russian forums, leaving the data in the hands of any interested parties. Major Spike in MageCart Skimmer Usage At least 40 new websites have been identif
Our Senior Threat Research Analyst, @FredFunk, is back from holidays and has a fresh batch of 2020 threat news for you. Ransomware FTCODE Now Info-Stealing Stealing data before encrypting it is now a very common criminal practice. This can be done automatically by malware or it can be done by hackers (such as in the new BitPyLock attacks) who have specifically targeted a network. FTCODE know joins other infections such as Trickbot in having both data stealing and encrypting components: “FTCODE, a PowerShell-based ransomware that targets Italian-language users, has added new capabilities, including the ability to swipe saved web browser and email client credentials from victims.” In all of these cases the data is stolen first and the order of events is important here. If the data was to be encrypted before the data stealing components of the attacks were deployed, then the data stolen would be largely useless to the attackers running these malware campaigns. Las Vegas Hit by Ransom
By Associated Press on February 08, 2020 Cyborgs, trolls and bots can fill the internet with lies and half-truths. Understanding them is key to learning how misinformation spreads online. As the 2016 election showed, social media is increasingly used to amplify false claims and divide Americans over hot-button issues including race and immigration. Researchers who study misinformation predict it will get worse leading up to this year’s presidential vote. Here’s a guide to understanding the problem: Full Article.
It’s that time again: MSP Nifty Gifty! We want to round out 2019 with cool presents for you and yours. That’s why we’re partnering with other businesses in the channel to bring you 10 days of fun, business-building gifts that will help MSPs like you kick-start the new year.What’s the MSP Nifty Gifty? It’s 10 days of cool and valuable gifts in December—just for MSPs.How does the Nifty Gifty work? Each day, you’ll receive a special gift from one of the channel sponsors. It might be a free software subscription, a book, a gift card, or any number of other items.There’s also a grand prize—worth $1,900 in nifty gear—to help you kick off 2020 right. Click here to enter!
Our Senior Threat Research Analyst, @FredFunk, is back from holidays and has a fresh batch of 2020 threat news for you. General News Mirai Variant ECHOBOT Resurfaces with 13 Previously Unexploited Vulnerabilities Mirai was one of the biggest botnets ever seen. It consisted of millions of compromised IoT and other connected devices including routers. This army of devices was put to criminal use launching huge DDoS and other attacks. The Mirai model was so successful it spawned many variants and one of these variants, ECHOBOT, was discovered in mid-2019. Whereas the original Mirai compromised devices using a small amount of likely passwords (such as typical hardcoded router credentials) and exploits ECHOBOT uses a staggering amount of different device vulnerabilities and affects a wide range of devices. By targeting web and networking software as well as the classic Mirai targets of embedded IoT OS, ECHOBOT has greatly increased its ability to spread. There has been a lot of researc
Advice for Consumers: Safeguarding your Data Your mobile devices – including smartphones, laptops and wearables – are always in reach wherever you go, and they share substantial information about you and your habits. Follow these basic privacy tips to help you better manage your personal information. Tips to Help Protect your Privacy Personal info is like money: Value it. Protect it. Information about you, such as your purchase history or location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites. You should delete unused apps, keep others current and review app permissions. Share with care. Think before posting about yourself and others online. Consider what it reveals, who might see it and how it could be perceived now and in the future. Own your online presence. Set the privacy and security settings on websites and apps to your comfort level for information sharing. Each device, application or browser you
