In October 2016, the world was introduced to the very first “Internet of Things” malware, which is a strain of malware that can infect connected devices such as DVRs, security cameras and more. The Mirai malware accessed the devices using default password and usernames. The malware then turns the affected devices into a botnet in order to facilitate a Distributed Denial of Service (DDoS) attack. This attack ended up flooding one of the largest website hosting companies in the world, bringing slew of major, well-known websites and services to a screeching halt for hours.
Originally, this m...
Netgear has announced a patch for software vulnerabilities in over 30 devices that can allow hackers access to the router password. The vulnerability gives attackers access to the router’s password recovery system in order to steal login credentials, giving them full access to the device and all of its settings.
These vulnerabilities can be exploited in two ways. If the attacker has physical access they can then access the router and exploit the vulnerabilities locally. The second and more dangerous way is that the vulnerability can be exploited remotely. Netgear routers come with the...
Hot on the heels of Yahoo announcing a data breach of 500 million user accounts in September, the company has announced that they have suffered another breach of one billion accounts. Yes, you read that correctly- one BILLION accounts.
As Yahoo previously disclosed in November, law enforcement provided the company with data files that a third party claimed was Yahoo user data. The company analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, Yahoo believes an unaut...
The attack campaign, dubbed Gooligan, has breached the security of over one million Google accounts and is still growing at a rate of 13,000 new infections each day. Gooligan is a variant of the Ghost Push malware family of hostile downloaders which download apps onto infected devices without the user’s permission. Google announced on their blog that they they’ve been working the past few weeks to investigate and help protect users against this threat. As a result, Google has already removed the offending apps from the Google Play Store. In addition to removing the malicious apps, Google i...
FriendFinder Inc. owns multiple adult themed websites including AdultFriendFinder.com, Cams.com, Penthouse.com, Stripshow.com and more. If you have ever signed up for one of these accounts, even if it was briefly out of curiosity, it is recommended that you change your password. This is the company’s second breach in just over a year. Included in the 400 million breached accounts were 16 million deleted accounts.
What Was Stolen:
So far the data that has been leaked includes the following: usernames and passwords, VIP membership status, browser information, the IP address last used to...
In the past few weeks, fake apps have been popping up in the Apple App Store- right as the holiday shopping season goes into full swing. Most of these apps are masquerading as high-end, designer brands offering the luxury goods for a discount.
Luckily, Apple has already stepped in and removed hundreds of the fake apps that have been reported. While Apple has a very thorough app vetting process in order to prevent malicious and fraudulent apps, these particular apps are skating by because the developer is changing the content of the app after Apple has approved it.
How To Spot A Fake App:...
*Updated October 25th 2016 to include new information about the incident.
Starting in the early hours of Friday, October 21, 2016, a Distributed Denial of Service (DDoS) attack flooded one of the largest DNS server companies in the world, bringing half the Internet to a screeching halt.
It began when the east coast experienced difficulty accessing a slew of major, well-known websites and services. When trying to access these sites, users were greeted with slowness as well as an “unable to reach server” page, denying them access to the websites. It was later confirmed that the Mirai malwa...
Hundreds of malicious apps are showing up on the Google Play Store, disguised as legitimate applications. These malicious apps are carrying malware known as Dresscode. Dresscode is designed to infiltrate networks and steal data. It can also add infected devices to a Botnet, which is capable of carrying out denial-of-service (DDoS) attacks as well as taking part in spam email campaigns.
Dresscode can also threaten home networks. If a device infected with Dresscode comes in contact with a network where the router has a weak password, it can crack the password and then infect other devices o...
If you have a Yahoo account, you need to change your password now. If you reuse that password on any other online accounts, you should change that too.
Yahoo announced on Thursday September 22nd that they have been the victim of a substantial cyber attack that occurred in 2014, which stole information associated with 500 million accounts. Yahoo is currently working with law enforcement to determine the source of the attack.
The specifics of what was stolen have not been released yet, however the company believes that the data could possibly contain ...
Dropbox has announced via their blog that 68 million user email addresses with hashed and salted passwords have been exposed. Dropbox has verified that the information is indeed legitimate. As a result, they have proactively completed a password reset for anyone who hadn’t updated their password since mid-2012. They’re contacting account owners via email and the next time they login, they will be prompted to update their passwords.Legitimate Dropbox Email
The credentials that have been affected were from a data breach the company suffered in 2012. So...
An unusual strain of ransomware has shown up on the scene, and it isn’t playing nicely at all. Dubbed “Jigsaw,” the ransomware was created in early March and made its way to the black market a week later, selling for around $140 USD. So far, it seems that there has been minimal sales of the malware. Luckily, it is not widespread yet.
Ransomware With a Wicked Twist
This is not your average ransomware. Yes, Jigsaw ransomware will encrypt your files and demand a ransom in order to retrieve your files, however Jigsaw comes with a countown timer. Once t...
Cyber criminals are finding new ways to steal your money through your Android device. Lately, the use of Android malware that steals your banking credentials, with names such as Acecard or GMbot, is on the rise.
The fallout from getting your banking information stolen can be emotionally and mentally taxing. According to the Norton Cybersecurity Insights Report , 70% of us would rather cancel dinner plans with a best friend than deal with canceling a credit or debit card. However, a lot of us still think cybercrime won’t happen to us.
Acecard finds its way onto a user’s mobile device usua...
Cyber espionage, also known as cyber spying, is grabbing a lot of headlines lately. The most recent incident affects Apple’s iOS. Researchers at Citizen Lab discovered that a highly sophisticated cyber espionage group has deployed a very rare, advanced form of spyware, which can break an iPhone wide open.
The good news- Apple has already pushed out the update to fix three vulnerabilities, that when combined, lead to compromise of an iOS device. If you haven’t already, you should update your software immediately.
Additionally, this particular spyware was aimed solely at a UAE human right...
Overnight sensation Pokémon GO! has continued to explode over a week after its New Zealand, Australia, and the US on Wed July 6. July 13th the game was released in Germany and the following day for the UK. According to the developer, Pokémon GO! was released in 28 additional countries on July 16 in a huge European rollout, followed by Canada on July 17th.
This game has been a global phenomenon, and while around 35 countries may seem like a lot, keep in mind, there are 196 countries in the world. That still makes for a whole lot of users clamoring for the game. As a result of such a mass...
Researchers at Symantec have recently discovered a malicious app that can steal photos and videos from the popular instant messaging and VoIP app Viber. The malicious app, Beaver Gang Counter, which was available on Google Play, positions itself as a score-keeping app for a card game. Instead of helping you keep score, it secretly searches for the directories that Viber uses to store images and video files, which it then sends to a remote server.
This type of data could reveal host of personally identifiable information (PII). It is said that a photo is worth a thousand words, and in this...
Although Dridex (W32.Cridex) and Locky (Trojan.Cryptolocker.AF) have been unusually quiet, a new type of ransomware may be taking their place on the online threat landscape. Bart, a new ransomware variant, introduced by the same cybercriminal group behind Dridex and Locky, was spotted late last week.
Are your Apple AirPorts suddenly flashing yellow? That’s because Apple has sent out a major update to your AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations.
Apple discovered a vulnerability in the firmware of the AirPorts that could allow attackers to execute commands on the affected devices.
Luckily, it’s a snap to update your devices. Just go to AirPort Utility, and there will be a small, red notification next to the devices that need to be updated. Just click on that device and then on the “update” button for each device, and they will automatically update. Con...
A sudden drop in cybercrime activity related to major threat families Locky, Dridex, and Angler have Symantec cybersecurity experts taking note, but still keeping a vigilant eye on the associated malware gangs. One reason for the decrease may be the arrest of 50 people in Russia thought to be involved in the group behind the Lurk banking fraud.
One of the most prevalent ransomware threats in 2016, Locky has shown a significant drop in activity during the month of June. Blocked Locky infections per week went from more than 3,000 in May to the low hundreds this month. That ...
FLocker (short for "Frantic Locker") ransomware is now capable of locking up Android TV sets. This particular ransomware strain is not new, as it has been posing a threat to Android smartphones since May 2015. There are several thousand variants of this strain of malware, and one has now made its way onto smart televisions running Android OS.
While this variant of malware does not encrypt files on the infected device, it does lock the screen, preventing the user access to the TV. Additionally, this malware has the potential to steal data from the device.
This new version of FLocker, much...
A critical new vulnerability (CVE-2016-4171) has been exploited via targeted attacks in Adobe Flash Player 22.214.171.124 and earlier versions for Windows, Macintosh, Linux, and Chrome OS.
This vulnerability can cause a system crash and possibly allow an attacker to take control of the affected system.
How to Protect Yourself
Once available, Flash Player users should update to the latest version(link is external). Since this is an active vulnerability that is already being exploited, it is crucial that users update their software immediately.
If you are concerned about this issue you can ...
A hacker group that calls itself OurMine claims that it has gained access to several of social media tech giant, Mark Zuckerberg’s social media accounts, as a result of the 2012 LinkedIn data breach. Zuckerberg is the latest example of what can happen when you create and reuse weak passwords. What is surprising is how weak his password was. According to the hackers, his password was “dadada.” However, his Facebook account remains intact and best practices have been employed to secure his compromised accounts.
Are you a victim too?
The LinkedIn data breach reportedly exposed 117 million...
Over 2,500 Twitter accounts have been taken over by scammers and are tweeting links to adult dating and sex personals websites. Once the accounts were compromised, the attackers essentially “rebranded” the account by changing profile photos, biographies, and name of the accounts to match the websites they were promoting.
Symantec has been investigating this issue, and they have found that there were a few high profile accounts that had followers from 20,000 upwards to hundreds of thousands that had been compromised.
How to Secure Your Twitter Account
It seems that these attackers are...
In 2012, LinkedIn suffered a data breach of six million user account names and passwords. Apparently, that breach is extremely larger than originally reported.
A Russian hacker going by the name of “Peace” has claimed responsibility for the 2012 hack. This hacker has now resurfaced, and instead of just the six million credentials, he is selling a whopping 117 million credentials on the Dark Web acquired from that same breach.
This hacker waited four years to release the data on the black market.
This just goes to show how important it is to use strong and unique passwords for each servic...
Hot on the heels of the zero-day flaw announced earlier this week, Adobe has released a patch today that patches 25 newly discovered vulnerabilities. The vulnerabilities that were found affect Flash for Windows, Mac OS X, Linux, and ChromeOS operating systems. These vulnerabilities can allow an attacker to take control of the affected computer if exploited. Some of these attacks may already have been executed by cybercriminals.
How to Protect Yourself from This Threat
If you are running Flash and if it has not already automatically updated with the emergency fix, patch Flash immediately.
Zero Day Vulnerabilities are a newly discovered software vulnerabilities that are unknown to the manufacturer. A software vulnerability is a weakness in the software where cybercriminals can sneak malware onto your computer. In these cases hackers will rush to exploit the newly discovered vulnerability before the software company has the chance to fix it.
While Norton customers are automatically protected in most cases, it’s still always a good idea to err on the side of caution and continue to apply vendor patches as they become available.
Performing these updates can be a cumbersome an...
American cyber investigation company Hold Security has discovered a massive data breach of more than 250 million webmail accounts around the world.
The company’s founder, Alex Holden, reportedly told Reuters that:
“The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users.”
The discovery was made when a researcher at Hold Security stumbled upon a young Russian hacker, known as “The Collector” boasting in an online forum about how he had stolen these records...
As mobile payment platforms become more popular, scammers are taking notice to this uptick in digital currency exchange. Fake Android apps have been discovered on the Google Play Store that pose as popular mobile payment platforms.
Researchers from security firm PhishLabs discovered 11 of these phishing applications since the beginning of 2016 hosted on the Google Play store.
The scam works by displaying fake webpages designed to look like legitimate pages, however, these webpages are launched inside the app, allowing the attackers to hide the actual web address of the webpage, leaving u...
1.1 Million people are at the risk of having their private data exposed in the underground economy, also known as the Dark Web. Controversial website, BeautifulPeople.com, which claims to have “the largest network of attractive people in the world” has announced that they have become a recent victim of a data breach.
When setting up a profile on the site, users are asked to provide sexual preference, relationship status, income, address and other physical attributes like weight, height, job, education, body type, eye color and hair hue, as well as email address and mobile phone number. Ba...
Two zero-day vulnerabilities showed up recently that could spell trouble for Apple users who use QuickTime for Windows.
The ZDI-16-241 and ZDI-16-242 vulnerabilities allow an attacker to run malware or malicious code remotely. It gains access to a computer when a user is tricked into visiting a malicious webpage or opens a malicious file.
This vulnerability is critical because Apple is no longer providing security updates for QuickTime on Windows. Since these vulnerabilities are never going to be patched, the best line of defense is to uninstall QuickTime for Windows immediately.
Adobe has released a patch for a newly discovered vulnerability CVE-2016-1019, which affects Adobe Flash Player.
It has been found that two separate exploit kits known as “Magnitude and Nuclear” have been using this vulnerability to spread ransomware to the target via drive by downloads. An exploit kit is a package of software that finds and takes advantage of security holes, or software vulnerabilities in computer software. They are primarily used to spread malware. Drive-by downloads means that malware can be installed on your computer simply by browsing to a compromised website.
Adobe has now released the patch for the vulnerability. You can read about it here.
Adobe announced it will soon issue an update for its Flash Player in response to the discovery of critical vulnerability CVE-2016-1019, which is currently being exploited in the wild. According to Adobe, the vulnerability could cause computer crashes and potentially allow an attacker to take control of an affected computer.
The vulnerability affects Adobe Flash Player versions 126.96.36.199 and earlier for Windows, Mac, Linux, and Chrome operating systems. Exploitations on computers running Windows...
Benjamin Franklin once said that the only certain things in life are death and taxes. While individuals, businesses, and tax preparers get ready for tax season at the beginning of each year, another certainty exists: Cybercriminals will attempt to victimize these entities with tax-related scams.
Tax season is a ripe time for phishing and spreading malware; without fail, tax-related online scams remain a most popular type of phishing scam each and every year. Through our threat intelligence network, we have identified four types of tax scams that individuals and businesses should be wary o...
One of the most prevalent Android ransomware threats in the West has now expanded to Asia, choosing Japan as its first target. Android.Lockdroid was spotted on March 11th, and disguises itself as a system update. Once the ransomware detects that it’s installed on a device in a certain country, it displays the ransom message in that country’s language. This is the first type of “chameleon” ransomware we’ve spotted. Once the ransomware is installed and running on the device, it “phones home” to the cybercriminal’s server, and then uploads the device’s information to figure out the phone’s la...
There’s a perception that OS X is impenetrable, especially when compared to Windows. In recent times this assumption is being proven wrong.
The latest in a series of flaws discovered in OS X and iOS is a vulnerability in Apple’s security system. The shortcoming showed up in the System Integrity Protection (SIP), a security feature that Apple introduced with El Capitan last year. SIP was designed to prevent modifications to protected files and folders on Mac. The OS X bug has not only bypassed SIP but can also be used to make malware harder to remove from an infected system.
It’s tax season, so our finances are top of mind for many of us. Cybercriminals are thinking about our money, too. After all, most cybercrimes are committed for monetary gain. According to the Symantec report titled “Financial Threats 2015,” cyber thieves are developing stronger attacks on banks and other institutions to try to access our hard-earned money. Here’s an inside look at the top threats financial companies faced in 2015, plus tips on keeping your own bank accounts secure.
Financial institutions of all shapes and sizes are vulnerable to cyber attacks — fro...
It’s time to patch ALL the Apple things!
Apple has released a slew of software updates this week for various products. Most importantly, the updated iOS 9.3.
In March there were two vulnerabilities discovered within iPhone’s iOS
One vulnerability, a proof-of-concept (PoC), was discovered by a research team from John Hopkins University. The researchers discovered a way to break the encryption used by iMessage that could allow attackers to access and steal attachments such as images, videos and documents that are being shared securely with contacts
The second vulnerability discovered inv...
Just when you think the Angler Exploit Kit is wreaking havoc to its full potential, it surprises us by getting more aggressive.
Last weekend several mainstream websites, fell victim to a massive malvertising campaign. The tainted ads in these websites may have directed thousands of unsuspecting users to a landing page hosting the notorious Angler Exploit Kit, a kit that stealthily installs crypto-ransomware and other malware on computers.
What is Malvertising?
Malvertising is a shortened term for malicious advertising, and uses legitimate online advertising services to spread malware. M...
Cybercriminals regularly use exploit kits to innovatively find vulnerabilities in systems and infect users with malware. An exploit kit opens a medium for cyber criminals to communicate with your system and feed it codes that include different types of commands. These kits are big money in the underground economy and one of the most notorious among them is the Angler Exploit Kit.
A recent victim of this Angler Exploit Kit is ‘Burrp’, a popular local food and restaurant recommendation website based in India. Burrp was compromised to redirect users to the Angler exploit kit (EK) in order ...
The discovery of a critical Adobe Flash Player zero-day vulnerability, CVE-2016-1010, “that could potentially allow an attacker to take control of the affected system” prompted Adobe to issue an emergency patch on March 10. Adobe says the vulnerability has been identified as “being used in limited, targeted attacks.”
How to Protect Yourself from This ThreatPatch Flash immediately if you are running Flash and if it has not already automatically updated with the emergency fix.
Symantec recently discovered a phishing site for Amazon.com, which didn't seem out of the norm, at first. However, when taking a closer look at the HTML source code, an interesting comment from the attacker was uncovered. The "brag tag," found details that consisted of the name of the scam, "Scama Amazon 2016,” along with the attacker's name, website, and even a YouTube channel.
Upon investigating Code nour, the phisher's YouTube channel, it was found that it has only five subscribers, and most of the videos have fewer than 100 views at the time of writing. While not many people subscribe...
Between March 4th and 5th, 2016, Apple customers were the targets of the first Mac-focused ransomware campaign executed by cybercriminals. There have been previous reports of what is called “proof of concept,” which means that researchers have found a way to execute malware on a Mac, however, in these instances, it was not cybercriminals abusing the malware. In this instance, it is the first time that cybercriminals are using this malware to execute real life attacks.
What is Ransomware?
Ransomware is far more advanced and aggressive than ordinary malware. Ransomware will encrypt the d...
With the IRS’s due date of April 18th looming overhead, fraudsters are rapidly trying to cash in on tax refunds. Over the past two weeks, we’ve seen an increase of BEC (business email compromise) fraudster scams involving requests for employee’s W2 taxpayer information. In this scam, the scammer pretends to be a member of upper management, and targets a more junior member of the organization. The phishing email requests that the target send employees’ W2 forms for inspection.
It’s important to realize that these documents contain tax and wage information for employees as well as their soc...
A recent vulnerability involving the handling of SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates dubbed as DROWN, has been discovered by researchers. DROWN stands for “Decrypting RSA with Obsolete and Weakened eNcryption.” Attackers probing for vulnerable servers affected by the DROWN vulnerability can force certain web servers to use an older, insecure version of SSL/TLS, resulting in weak encryption that is easily decrypted by an attacker. DROWN was discovered by a team of researchers from Tel Aviv University, Münster University of Applied Sciences, the Horst Görtz In...
Today, Norton released findings from a survey of more than 5,000 consumers from U.S., U.K., Canada, Australia and Japan about their fears of and forays into the connected world. The survey makes clear that there are two types of people: those who understand smartphones and IoT devices come with risks, and those who do not.
More than half of respondents globally (56 percent) say the prospect of the financial and banking information stored on their phone being hacked is upsetting. What is more striking is that nearly half either do not care about their information being hacked or they are...
It’s sad to say, but cybercriminals have learned how to use our emotions against us. When we read media reports about accidents or watch videos of natural disasters on the news, it’s normal to feel empathy for the victims of tragic current events, or even concern for our own safety. Unfortunately, that’s when scammers have learned that we are at our most vulnerable, and they have an array of tools to take advantage of that. Here are just a few of the standard Internet scams that fraudsters trick us into.
Donating to “Charities”
Beware of unsolicited emails from charities that promise to ...
Symantec’s Global Intelligence Network (GIN) team has updated their intelligence page, which provides the most up-to-date analysis of cybersecurity threats, trends, and insights concerning malware, spam, and other potentially harmful risks. The GIN is a respected source of data and analysis for global cybersecurity threats, trends and insights. Symantec regularly publishes informed analyses based on the latest GIN data available. Here are some key takeaways from this latest batch of intelligence.
There is good news and there is bad news. The good news is there is a decrease in the number ...
Android smartphone users should be aware of a dangerous new type of malware that spreads via spam SMS or MMS messages that link to a malicious app file. The Mazar BOT, as it is called, tricks the Android user into gaining administrative access to the infected Android phone and can then erase any stored data. Although security research experts believe this malware has several hidden capabilities that are still being discovered, they know this malware will turn your smartphone into part of a hacker botnet web.
How the Mazar BOT Attacks Androids
Android mobile phone users receive this (or s...
A new variant of ransomware has been discovered on Tuesday (February 16), known as "Locky," and has been spreading swiflty since it first appeared. The attackers behind Locky have spread the malware using massive spam campaigns and compromised websites. Locky typically spreads itself by tricking users into opening a document attachment sent to them by email. Once downloaded, the document looks like random characters and symbols, and victims are prompted to enable macros in the document, which downloads a malicious file that encrypts files on compromised Windows PCs.
Locky encrypts files o...
Malicious software that uses encryption to hold data for ransom has become wildly successful over the last few years. The purpose of this software is to extort money from the victims with promises of restoring encrypted data. Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software or by tricking somebody into installing it. Ransomware, as it is known, now scores high profile victims like hospitals, public schools and police departments.
The nefarious ransomware business model has turned out to be a lucrative industry for cri...
Every February, users both single and coupled tend to increase their downloads of Valentine’s Day-centric apps. These apps can come in the forms of Valentine's Day-themed wallpapers, horoscope compatibility tests, greeting cards for significant others, and love-related games. While these types of apps may seem like a fun novelty for the time being, our research has found that these romance-related apps are four to five times more likely than other applications to be uninstalled within a month of installation. As a result, cybercriminals are looking for their chance to take advantage of use...