D-Day for D.C.: Russian Hackers Begin Dumping Data from Washington D.C. Police Hack

Sometime before April 27th, the Babuk Locker ransomware gang claimed to have infiltrated the Washington D.C. Metropolitan Police network and stolen 250GB of data. They claim to have found a zero-day vulnerability in the department's VPN. The attack does not appear to rely on file encryption but on pure extortion: Pay us or we release …

Russian DarkSide Ransomware Shuts Down Biggest Gas Pipeline in the U.S. (update)

The DarkSide ransomware group is usually classified as an Eastern European hacking group. This is done on the basis of the attackers stopping any attack if certain Eastern European languages are detected on the targeted device. Generally, these languages are Russian, Kazakh, Ukrainian, and Belarusian. However, the most recent version of their malware seems to …

The Forex Catfish Scam

"It was beauty killed the beast." King Kong, 1933 You can't scam someone who doesn't trust you. This is why scammers use every trick possible to make themselves seem legitimate and to earn your trust. They also realize that reason can be circumvented by emotion. Greed, curiosity, and the possibility of romance often overcome common …

Anyone Want Some North Korean Cybersecurity Protection?

North Korea needs money. They are not the economic powerhouse they had tried to be. In fact, the Dear Leader admitted in January that the economy was a total failure, despite posters showing the contrary. Other nation-states may hack primarily for information, but North Korea hacks primarily for money. The North Koreans may be short …

University of California, University of Colorado, University of Maryland, Stanford, University of Miami, and Others Snared in Extortion Attacks

It's becoming a common story. Experienced hacking groups use vulnerabilities in widely used third-party software to gain entrance to an enterprise's network. In the most recent case, the Clop ransomware gang leveraged a zero-day vulnerability in a widely used file transfer program from Accellion to penetrate university networks, as well as a number of other …

How Using Google Search can Lead to a Ransomware Attack on Your Company

It's become almost axiomatic that malware attacks of all varieties begin with a phishing email. Most enterprises teach their employees how to deal with such attacks, how to identify a phishing email, how to avoid dangerous links, and how to identify malicious attachments. Yes, this information does help, but what if your employee becomes an …

Those Annoying Pop-Ups may be More Dangerous than You Think

If you've done enough browsing, you've undoubtedly tried to navigate to a website only to be redirected to another page. Then, in order to get to the page you want, you have to cancel that page. Sometimes you have to do this several times. For the most part, this is nothing more than an annoyance. …

Google Sued for Incognito Mode Abuse

Incognito: having one's identity concealed, as under an assumed name, especially to avoid notice or formal attentions. With this definition in mind, I assume, therefore, that when I choose to browse in Incognito Mode on Google's Chrome Browser, I will have my identity concealed. I don't think that's expecting too much. Google, itself, promises that …

Attackers Use Fake reCAPTCHAs to Trick Corporate Executives

I am sure that at some point in your cyber life, you have failed to prove you were a human. You have failed the CAPTCHA or reCAPTCHA test. Can't you identify a bicycle when you see one? Can't you read the letters in a twisted word? Humans can do that so you must be a …

Beware of RATs in Images

There's nothing new about hiding malware in an image. Once hackers learned that image files could mask malware, they began using them. The name given for hiding a file in a file is steganography. It's always been a sneaky way to avoid detection because the average user believes pictures are innocent; that pictures are pictures …