Phishing & Malspam with Leaf PHPMailer

It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can range from enticing victims to click a phishing URL or download a malicious attachment. To support these activities, attackers seek out tools that assist in the mass sending of malspam (malicious spam) emails from a compromised website. PHP scripts like Leaf PHPMailer are well suited for[…]

Continue reading …
GandCrab

Should we be worried about GandCrab ransomware?

On May 31, 2019 the cybercriminals behind the GandCrab ransomware did something unusual within the world of malware. They announced they were shutting down operations and potentially leaving millions of dollars on the table. “All good things come to an end” they wrote in a self-congratulatory post appearing on a notorious cybercrime forum. Since launching in January 2018, GandCrab’s authors claimed to have brought in[…]

Continue reading …
cryptomining

How to protect your computer from malicious cryptomining

Noticing that your computer is running slow? While sometimes a telltale sign of infection, these days that seems doubly true. And the reason is: malicious cryptomining. So, what, exactly, is it? We’ll tell you how bad this latest malware phenomenon is for you and your computer, plus what you can do about it. Definition Malicious cryptomining, also sometimes called drive-by mining, is when someone else[…]

Continue reading …
cryptocurrency

Drive-by mining and ads: The Wild Wild West

There seems to be a trend lately for publishers to monetize their traffic by having their visitors mine for cryptocurrencies while on their site. The idea is that you are accessing content for free and in exchange, your computer (its CPU in particular) will be used for mining purposes. The Pirate Bay started to run a miner on its site and later publicly acknowledged it. In other[…]

Continue reading …
Spyware

All about spyware

When you go online, don’t assume that your privacy is secure. Prying eyes often follow your activity-and your personal information-with a pervasive form of malicious software called spyware. In fact, it’s one of the oldest and most widespread threats on the Internet, secretly infecting your computer without permission in order to initiate a variety of illegal activities. It’s easy to fall prey to and can[…]

Continue reading …
Ransomeware

How to beat ransomware: prevent, don’t react

Picture this: You’ve spent the last few weeks working on a tribute video for a friend’s 30th wedding anniversary. You collected photos and video clips and edited them together, laying over a soundtrack of their favourite songs. It was a real labour of love. When you finally finish the project, you go to copy the file onto a DVD and—what the?—a strange message pops up.[…]

Continue reading …
Exploits

What are exploits? (and why you should care)

Exploits: they’re not your mama’s cyberthreats. At one point in the not-so-distant past, exploits were responsible for delivering 80 percent of malware to people’s systems. But exploits seem to be experiencing a lull today. Does this mean they’re gone for good and we can all let down our guard? Or is this simply the calm before the storm? Let’s break down this stealthy threat so[…]

Continue reading …
protect yourself online

Eight things you need to do right now to protect yourself online

1. Use unique passwords for all your accounts What: Stop kidding yourself that you only re-use passwords on accounts that don’t matter, or that you have an unbreakable password scheme that no one else can guess. Every single thing with a password needs to have a unique password, shared with nothing else. Why: Services get hacked, with entire databases of passwords published in the open.[…]

Continue reading …
Passwords and hacking

Passwords and hacking: the jargon of hashing, salting and SHA-2 explained

From Yahoo, MySpace and TalkTalk to Ashley Madison and Adult Friend Finder, personal information has been stolen by hackers from around the world. But with each hack there’s the big question of how well the site protected its users’ data. Was it open and freely available, or was it hashed, secured and practically unbreakable? From cleartext to hashed, salted, peppered and bcrypted, here’s what the[…]

Continue reading …
Ransomeware

Security in 2017: Ransomware will remain king

2016 was the year of ransomware, with hackers focusing their attention on exploiting Internet users and businesses around the world for profit. According to the FBI, cyber extortion losses have skyrocketed and ransomware was on track to become a $1 billion a year crime in 2016. Our research shows no sign of this security nightmare slowing down in 2017. Hackers are becoming more advanced, and[…]

Continue reading …
shredder

How to avoid identity theft

Bad news if you were hoping to stay safe online: the number of victims of identity theft rose by 57% in the last year, according to fraud prevention service Cifas. But unlike previous rises, the victims of identity theft are no longer targeted by fraudsters digging through rubbish bins for bank statements, or by hackers installing keyloggers on compromised PCs. Instead, according to Cifas, the[…]

Continue reading …
The Cloud

Should you store your data in the cloud?

It’s pretty simple to understand where a file goes when you save it on your PC. It lives on your hard drive, possibly housed in a set of folders you’ve created and organised yourself. That file is only stored on your computer, unless you decide to email it to yourself or save it on an external hard drive or USB. Now what about the cloud?[…]

Continue reading …
Malvertising

Major sites hit by ‘ransomware’ malvertising

Adverts hijacked by malicious campaign that demands payment in bitcoin to unlock user computers. A number of major news websites have seen adverts hijacked by a malicious campaign that attempts to install “ransomware” on users computers, according to a warning from security researchers Malwarebytes. The attack, which was targeted at US users, hit websites including the New York Times, the BBC, AOL and the NFL[…]

Continue reading …

Stolen credit card details available for £1 each online

UK credit card details are on sale for as little £1 each online, the Guardian has learned, as fears rise over the security of personal data in the wake of the TalkTalk cyber-attack. More than 600,000 individuals had their personal details stolen from UK companies in 2014, according to the Financial Times, underlining the scale of online crime in this country. It is likely that[…]

Continue reading …

TalkTalk system failure: complex IT needs experienced staff

It does not surprise me that Dido Harding was clueless about TalkTalk’s IT system failure. It is quite normal for managers to claim to be in control of IT systems until such time as they are exposed by events to not be in control at all. They typically delude themselves with assurances that “best practices” have been adopted. The problem with these best practices for managing[…]

Continue reading …