This week we published a major security alert, one that should not be overlooked: be careful about Bad Rabbit, a ransomware outbreak delivered through a fake Adobe Flash Update. It’s significantly more threatening than its predecessors like non-Petya or WannaCry, because it also saves the collected information.
This malware spread like wildfire through major organizations in South-east Europe, the US and other territories, compromising some essential government and private businesses.
You will also find in the alert more details about how this ransomware spread and what you can do to protect yourself from it.
With that being said, we gathered the most important stories of this week in this weekly round-up. See below the summary of a really intense week in cyber-security!
If you thought older Internet users are more at risk for Phishing scams, this report will surprise you. According to the UK government-backed Get Safe Online, 11% of younger adults are more likely to be a victim of a phishing attack, compared to 5% in the case of the 55+ demographic. They’re also more likely to lose 3 times more money compared to their peers, in the event of such an attack. See why in the link above.
This troubling figure comes from the Webroot Quarterly Threat Trends Report, who further breaks down the numbers. Every day, 46.000 new phishing sites pop-up, the majority of them being online and active for a maximum of 8 hours in order to avoid anti-phishing strategies.
Google is working on a new security feature that could prevent your Internet traffic from network spoofing attacks. It’s called DNS over TLS and works similarly to https, enhancing privacy with end-to-end authenticated DNS lookups. However, if you want to conceal your traffic from your internet service provider, you would still need to use a secure VPN service.
- Google launched a new bug bounty program to root out vulnerabilities in third-party apps on Google Play
Google is also launching a bug bounty program for Android that will award $1000 for issues that meet its criteria. It’s an important step towards securing the Google Play environment, an area long-plagued by vulnerabilities.
This cyber attack comes from “The Dark Overlord”, the same hacker person or group who, back in April, claimed to have stolen yet launched episodes of Orange Is The New Black. The stolen data is comprised of both patient list and highly-graphic, close-up images showing surgeries performed in this high-end clinic.
In an amazing twist of events in the Kaspersky-Russian hackers affair, Kaspersky shifts the blame onto a an NSA employee who pirated Microsoft Office. The NSA employee used an illegal keygen for a pirated copy of MS Office and this keygen was infected with malware. You can’t make this stuff up!
This week marks another major event for cryptocurrency. There was fork that created a new version of Bitcoin named Bitcoin Gold – there’s now Bitcoin, Bitcoin Cash and Bitcoin Gold to invest in, if you’d like. However, the transition was not smooth, because the official Bitcoin Gold website was accessed 10 million times a minute in a medium-sized DDoS attack. Could the attack come from classic Bitcoin supporters?
Where do links to phishing websites come from? Well, it could be social media, it could be instant messaging and it could also be good old-fashioned email. According to the Proofproint Quarterly Threat report, the volume of malware emails rose 85%. More alarmingly, a whopping 24% of those emails link to banking trojans. These do more than just steal your money, something we expanded on here.
According to a new Malwarebytes report, conventional antivirus solutions are struggling and failing to protect users from attacks.
We always underlined the importance of multiple security measures to protect yourself: using Defenx Security as an essential supplement to an antivirus, practicing safe browsing, using authentication and more.
A security researcher told Motherboard that he warned Equifax about their security gaps.
“All you had to do was put in a search term and get millions of results, just instantly—in cleartext, through a web app”, he says. Unfortunately, we all know that Equifax didn’t heed his warning and the result was millions of people’s data exposed.