Websites offering cracked versions of popular software programs have recently been serving up adware bundles that secretly deliver a variant of STOP ransomware. According to a pair of reports from Bleeping Computer founder Lawrence Abrams, the scheme came to light in December 2018 with the appearance of the malicious encryptor “Djvu” – so named because…
A fake currency converter and a phony battery utility program are among the latest fraudulent apps to be expunged from Google Play, according to researchers who discovered they were infecting users with a version of the Anubis banking malware family. Both fraudulent apps employ a crafty technique to determine whether it is safe for them…
A cyberattack on Health Sciences North in Sudbury, Ontario, yesterday has reportedly disrupted multiple systems at 24 of the Canadian health provider’s hospital facilities in the northeastern part of the province. Dominic Giroux, CEO of Health Sciences North, said the virus that caused the incident “is not captured by the current anti-virus tools that are…
A series of vulnerabilities in the hugely popular online survival game Fortnite could have allowed malicious actors to take over players’ accounts, prompting developer Epic Games to fix the issues before a major incident transpired, according to researchers who discovered the program. Had the flaws been exploited, attackers could have victimized gamers by viewing their…
A data breach of an third-party online payment system has compromised the personal information of Hanover County, Virginia, residents. In an official online notification, county officials have disclosed that an unauthorized party stole credit card information processed by the Click2Gov payment portal between Aug. 1, 2018 and Jan. 9, 2019. Exposed information includes customer names,…
Researchers have developed proof-of-concept malware capable of compromising Building Automation Systems after discovering two critical bugs in a BAS programmable logic controller (PLC). Created by experts at ForeScout, the malware exploits both vulnerabilities in combination with several older flaws that were previously known to the public, according to a ForeScout white paper released today in…
In a case of cybersecurity converging with physical security, researchers have disclosed four vulnerabilities in IDenticard Corp.’s PremiSys building access control system that attackers could exploit to sneak into restricted locations. In a corporate blog post, Tenable, Inc. reported today its researcher Jimi Sebree discovered the zero-day flaws in September 2018, after which time the company…
The British man who orchestrated a series of DDoS attacks that disrupted Internet access across the African nation of Liberia in November 2016 has been sentenced to two years and eight months in prison. Daniel Kaye, 30, from Egham, Surrey, pleaded guilty last December of using botnets and stressors to bombard Liberian telecom provider Lonestar…
Multiple researchers are linking the Ryuk ransomware that disrupted the operations of multiple U.S. newspapers in late 2018 to the Emotet and TrickBot trojans. In so doing, some analysts have now also shifted blame for the attack from North Korean actors to cybercriminals, possibly from Russia, while others maintain that attribution efforts are premature. Crowdstrike,…
A man convicted of launching DDoS attacks against two Boston-area health care facilities was sentenced in U.S. District Court on Thursday to 10 years in prison. Martin Gottesfeld, 34, of Somerville, Mass., was found guilty last August of attacking Boston Children’s Hospital and the Wayside Youth & Family Support Network back in 2014. Gottesfeld has…
