Security Covered by Norton

In October 2016, the world was introduced to the very first “Internet of Things” malware, which is a strain of malware that can infect connected devices such as DVRs, security cameras and more. The Mirai malware accessed the devices using default password and usernames.

Hot on the heels of Yahoo announcing a data breach of 500 million user accounts in September, the company has announced that they have suffered another breach of one billion accounts. Yes, you read that correctly- one BILLION accounts.

Netgear has announced a patch for software vulnerabilities in over 30 devices that can allow hackers access to the router password. The vulnerability gives attackers access to the router’s password recovery system in order to steal login credentials, giving them full access to the device and all of its settings.

Hundreds of malicious apps are showing up on the Google Play Store, disguised as legitimate applications. These malicious apps are carrying malware known as Dresscode. Dresscode is designed to infiltrate networks and steal data. It can also add infected devices to a Botnet, which is capable of carrying out denial-of-service (DDoS) attacks as well as taking part in spam email campaigns.

The attack campaign, dubbed Gooligan, has breached the security of over one million Google accounts and is still growing at a rate of 13,000 new infections each day. Gooligan is a variant of the Ghost Push malware family of hostile downloaders which download apps onto infected devices without the user’s permission.

​FriendFinder Inc. owns multiple adult themed websites including AdultFriendFinder.com, Cams.com, Penthouse.com, Stripshow.com and more. If you have ever signed up for one of these accounts, even if it was briefly out of curiosity, it is recommended that you change your password. This is the company’s second breach in just over a year.  Included in the 400 million breached accounts were 16 million deleted accounts.

In the past few weeks, fake apps have been popping up in the Apple App Store- right as the holiday shopping season goes into full swing. Most of these apps are masquerading as high-end, designer brands offering the luxury goods for a discount.

*Updated October 25th 2016 to include new information about the incident.

Starting in the early hours of Friday, October 21, 2016, a Distributed Denial of Service (DDoS) attack flooded one of the largest DNS server companies in the world, bringing half the Internet to a screeching halt.

If you have a Yahoo account, you need to change your password now. If you reuse that password on any other online accounts, you should change that too.

Yahoo announced on Thursday September 22nd that they have been the victim of a substantial cyber attack that occurred in 2014, which stole information associated with 500 million accounts. Yahoo is currently working with law enforcement to determine the source of the attack.

An unusual strain of ransomware has shown up on the scene, and it isn’t playing nicely at all. Dubbed “Jigsaw,” the ransomware was created in early March and made its way to the black market a week later, selling for around $140 USD. So far, it seems that there has been minimal sales of the malware. Luckily, it is not widespread yet.

Cyber criminals are finding new ways to steal your money through your Android device. Lately, the use of Android malware that steals your banking credentials, with names such as Acecard or GMbot, is on the rise

Researchers at Symantec have recently discovered a malicious app that can steal photos and videos from the popular instant messaging and VoIP app Viber. The malicious app, Beaver Gang Counter, which was available on Google Play, positions itself as a score-keeping app for a card game. Instead of helping you keep score, it secretly searches for the directories that Viber uses to store images and video files, which it then sends to a remote server.

Overnight sensation Pokémon GO! has continued to explode over a week after its New Zealand, Australia, and the US on Wed July 6. July 13th the game was released in Germany and the following day for the UK. According to the developer, Pokémon GO! was released in 28 additional countries on July 16 in a huge European rollout, followed by Canada on July 17th.

​It has been discovered that attack groups behind the ransomware known as TeslaCrypt (Trojan.Cryptolocker.N) have ramped up activity in the past two weeks, sending out massive volumes of spam emails containing the hidden malware.

Although Dridex (W32.Cridex) and Locky (Trojan.Cryptolocker.AF) have been unusually quiet, a new type of ransomware may be taking their place on the online threat landscape.

Earlier this week, white hat hacker Chris Vickery announced that he was able to gain access to over 13 million MacKeeper user accounts. A vulnerability was exploited in the company’s servers, which exposed the usernames, email addresses and other personal information of 13 million customers.

Are your Apple AirPorts suddenly flashing yellow? That’s because Apple has sent out a major update to your AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations.

A sudden drop in cybercrime activity related to major threat families Locky, Dridex, and Angler have Symantec cybersecurity experts taking note, but still keeping a vigilant eye on the associated malware gangs. One reason for the decrease may be the arrest of 50 people in Russia thought to be involved in the group behind the Lurk banking fraud.

FLocker (short for "Frantic Locker") ransomware is now capable of locking up Android TV sets. This particular ransomware strain is not new, as it has been posing a threat to Android smartphones since May 2015. There are several thousand variants of this strain of malware, and one has now made its way onto smart televisions running Android OS.

A critical new vulnerability (CVE-2016-4171) has been exploited via targeted attacks in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. 

This vulnerability can cause a system crash and possibly allow an attacker to take control of the affected system.

On March 19th, 2015, website developers who use OpenSSL learned of several bugs, including a severe bug that could allow hackers to render a webserver or website unavailable to users.

What is OpenSSL?

The “Open” in OpenSSL means that any developers can work on the code in the project. The SSL refers to secure sockets layer, which is a form of security built into a web browser that is used to encrypt and decrypt data being sent across the web.

Over 2,500 Twitter accounts have been taken over by scammers and are tweeting links to adult dating and sex personals websites. Once the accounts were compromised, the attackers essentially “rebranded” the account by changing profile photos, biographies, and name of the accounts to match the websites they were promoting.

In 2012, LinkedIn suffered a data breach of six million user account names and passwords. Apparently, that breach is extremely larger than originally reported.

Hot on the heels of the zero-day flaw announced earlier this week, Adobe has released a patch today that patches 25 newly discovered vulnerabilities. The vulnerabilities that were found affect Flash for Windows, Mac OS X, Linux, and ChromeOS operating systems. These vulnerabilities can allow an attacker to take control of the affected computer if exploited.

Zero Day Vulnerabilities are a newly discovered software vulnerabilities that are unknown to the manufacturer. A software vulnerability is a weakness in the software where cybercriminals can sneak malware onto your computer.

Two zero-day vulnerabilities showed up recently that could spell trouble for Apple users who use QuickTime for Windows. 

American cyber investigation company Hold Security has discovered a massive data breach of more than 250 million webmail accounts around the world.

The company’s founder, Alex Holden, reportedly told Reuters that:

“The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users.”

As mobile payment platforms become more popular, scammers are taking notice to this uptick in digital currency exchange. Fake Android apps have been discovered on the Google Play Store that pose as popular mobile payment platforms.

1.1 Million people are at the risk of having their private data exposed in the underground economy, also known as the Dark Web. Controversial website, BeautifulPeople.com, which claims to have “the largest network of attractive people in the world” has announced that they have become a recent victim of a data breach.

Adobe has released a patch for a newly discovered vulnerability CVE-2016-1019, which affects Adobe Flash Player.  

*EDITED*

Adobe has now released the patch for the vulnerability. You can read about it here.

Benjamin Franklin once said that the only certain things in life are death and taxes. While individuals, businesses, and tax preparers get ready for tax season at the beginning of each year, another certainty exists: Cybercriminals will attempt to victimize these entities with tax-related scams.

One of the most prevalent Android ransomware threats in the West has now expanded to Asia, choosing Japan as its first target. Android.Lockdroid was spotted on March 11th, and disguises itself as a system update. Once the ransomware detects that it’s installed on a device in a certain country, it displays the ransom message in that country’s language.

There’s a perception that OS X is impenetrable, especially when compared to Windows. In recent times this assumption is being proven wrong.

It’s tax season, so our finances are top of mind for many of us. Cybercriminals are thinking about our money, too. After all, most cybercrimes are committed for monetary gain. According to the Symantec report titled “Financial Threats 2015,” cyber thieves are developing stronger attacks on banks and other institutions to try to access our hard-earned money. Here’s an inside look at the top threats financial companies faced in 2015, plus tips on keeping your own bank accounts secure. 

It’s time to patch ALL the Apple things!
Apple has released a slew of software updates this week for various products. Most importantly, the updated iOS 9.3.

Just when you think the Angler Exploit Kit is wreaking havoc to its full potential, it surprises us by getting more aggressive.

Cybercriminals regularly use exploit kits to innovatively find vulnerabilities in systems and infect users with malware. An exploit kit opens a medium for cyber criminals to communicate with your system and feed it codes that include different types of commands. These kits are big money in the underground economy and one of the most notorious among them is the Angler Exploit Kit.

The discovery of a critical Adobe Flash Player zero-day vulnerability, CVE-2016-1010, “that could potentially allow an attacker to take control of the affected system” prompted Adobe to issue an emergency patch on March 10. Adobe says the vulnerability has been identified as “being used in limited, targeted attacks.”

Symantec recently discovered a phishing site for Amazon.com, which didn't seem out of the norm, at first. However, when taking a closer look at the HTML source code, an interesting comment from the attacker was uncovered. The "brag tag," found details that consisted of the name of the scam, "Scama Amazon 2016,” along with the attacker's name, website, and even a YouTube channel.

Between March 4th and 5th, 2016, Apple customers were the targets of the first Mac-focused ransomware campaign seen in the wild.  These users downloaded a compromised version of the installer for the Transmission BitTorrent client. The malicious Trojan, known as OSX.Keranger, like most ransomware, will encrypt a user’s files and demand a fee (in this case, one Bitcoin, or ~$400) to release the files.

With the IRS’s due date of April 18th looming overhead, fraudsters are rapidly trying to cash in on tax refunds. Over the past two weeks, we’ve seen an increase of BEC (business email compromise) fraudster scams involving requests for employee’s W2 taxpayer information. In this scam, the scammer pretends to be a member of upper management, and targets a more junior member of the organization.

A recent vulnerability involving the handling of SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates dubbed as DROWN, has been discovered by researchers.

Today, Norton released findings from a survey of more than 5,000 consumers from U.S., U.K., Canada, Australia and Japan about their fears of and forays into the connected world. The survey makes clear that there are two types of people: those who understand smartphones and IoT devices come with risks, and those who do not.  

2015 was a banner year for cybercriminals. We reported on 53 events that made it into the headlines, however that was just what we reported. There were many more than that occurred.

We took a look at what was trending to try to predict the next “big things” in cyber security to be on the lookout for in 2016.

Symantec’s Global Intelligence Network (GIN) team has updated their intelligence page, which provides the most up-to-date analysis of cybersecurity threats, trends, and insights concerning malware, spam, and other potentially harmful risks. The GIN is a respected source of data and analysis for global cybersecurity threats, trends and insights.

It’s sad to say, but cybercriminals have learned how to use our emotions against us. When we read media reports about accidents or watch videos of natural disasters on the news, it’s normal to feel empathy for the victims of tragic current events, or even concern for our own safety. Unfortunately, that’s when scammers have learned that we are at our most vulnerable, and they have an array of tools to take advantage of that.