Tag Archives: malware

Privacy Tip #226 – Beware – Well-Known Brands Used for Phishing Schemes

A new study by Check Point Research shows that cyber criminals are using well-known brands to lure victims into clicking on nefarious links, providing personal information or credentials, or getting users to transfer money.  This is an old malware trick that we used to see and now recognize. Scammers send a phishing email after copying … Continue Reading

Cyber Criminals Using Coronavirus Concern to Assist with Intrusions

Concern over the spreading coronavirus from China is legitimate and real. The World Health Organization (WHO) has declared the coronavirus a global health emergency, and the United States and other countries are limiting travel of individuals from the affected areas in China. As we have seen with other public concerns, cyber criminals and threat actors … Continue Reading

Crime-as-a-Service Targets Popular Platforms

It’s getting difficult to keep up with the jargon of all of the new digital scams. The SaaSes in the beginning became regular business terms, such as Software-as-a-Service (SaaS), and Business Processes-as-a-Service (BPaaS). But then the criminal enterprises came up with Malware-as-a-Service (MaaS), Ransomware-as-a-Service (RaaS) and now Crime-as-a-Service (CaaS). A new Crime-as-a-Service offering is targeting … Continue Reading

Privacy Tip #206 – Be Mindful of Calendar Invites—They Can Contain Spam

Spam is invading all aspects of our online life, and of late, even our online calendars. I hadn’t thought about embedded malware in calendar invites until I read an informative krebsonsecurity.com blog article this week. I think this is something everyone should know about and be mindful of when receiving calendar invites. Calendar invites are … Continue Reading

Louisiana Governor Declares Statewide Emergency After Cyber-Attacks Against School Systems

Louisiana Governor John Bel Edwards, for the first time in history, declared a statewide cybersecurity emergency last week, following cyber-attacks against several school systems in the state. By declaring a cybersecurity emergency, the state is able to garner needed resources, including cybersecurity experts from the Louisiana National Guard, State Police, the Office of Technology Services, … Continue Reading

Privacy Tip #200 – Iranian Backed Hacking Group Using LinkedIn To Deliver Malicious Documents

Fireeye published research last week that it has identified a phishing campaign by APT34, which is known to be a hacking group out of Iran, that all LinkedIn users should be aware of when considering adding a LinkedIn contact. In particular, if you receive a LinkedIn request from someone named Rebecca Watts from Cambridge University, … Continue Reading

U.S. Cyber Command Issues Warning About Microsoft Outlook Vulnerability

Hackers are targeting U.S. government networks, according to U.S. Cyber Command, which says there is a vulnerability of CVE-2017-1174, which is a two year old flaw in Microsoft Outlook that is being used by attackers to install remote access Trojans and other malware. U.S. Cyber Command recommends that the vulnerability be patched to prevent exploitation. … Continue Reading

DHS Warns Businesses of Risk of Iranian-Backed Wiper Malware Attacks

The tension with Iran has generally increased, and it has been reported that the U.S. has launched a cyber-attack against Iran. In retaliation, the risk of Iranian-backed wiper malware attacks against U.S. businesses and government agencies has increased, according to the Department of Homeland Security (DHS). DHS recently issued a warning to U.S. businesses to … Continue Reading

A Value Add to Employee Security Education: Mobile Apps

While we have been talking about the very important message of educating employees about data security, I find that giving employees tips about their personal data security keeps them interested and engaged during education sessions. It is surprising how little people in general, and employees specifically, know about their personal devices and the security of … Continue Reading

Hackers Indicted for Involvement in 2015 Anthem Data Breach

Earlier this month, a federal grand jury returned an indictment charging a Chinese national and another individual as part of an extremely sophisticated hacking group operating in China that targeted large businesses in the United States, including health insurer Anthem. The indictment stemmed from an investigation by the FBI in which Anthem cooperated, earning praise … Continue Reading

New Malware Targets Big Banks and Cryptocurrency Apps

New malicious malware dubbed “Gustuff” targets big banks, fintech companies and cryptocurrency apps, according to the security firm Group IB. According to Group IB, which discovered Gustuff on hacker forums, the new malware is affecting Android devices and is “a mobile Android Trojan, which includes potential targets of customers in leading international banks, users of … Continue Reading

Cyber Criminals Recruiting Employees on the Dark Web to Assist with Fraud Schemes

Darkreading.com has issued a survey entitled: Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web which states that malicious insiders are responsible for 27 percent of all cybercrime. This statistic confirms that cyber criminals are increasingly recruiting insiders by using the dark web as a recruiting tool. So not only do businesses … Continue Reading

Botnet Necurs Turns Its Focus On Banks

Just days after the FBI issued a private warning to the banking industry (read more here), the botnet network known as Necurs began a spamming campaign that targeted the banking industry. The activity was discovered by the security research firm Cofense. According to Cofense, the Necurs network started a concentrated spear phishing campaign against approximately … Continue Reading

Virginia Bank, Hacked Twice with Phishing Schemes, Losing $2.4 Million

In a lawsuit against its insurance company requesting reimbursement for close to $2.4 million from two different hacking incidents, National Bank of Blacksburg detailed the intrusions, which are instructive of a sophisticated scheme against the financial services industry. According to the lawsuit, the first theft took place on Memorial Day weekend of 2016. In that … Continue Reading
LexBlog