Monthly Archives: November 2018
Ransomware saw massive growth year after year.
New reports on not just ransomware but all malware saw massive growth year after year. From SonicWall the cyber-security company detected 45 percent growth of malware infections towards desktops. SoncWall spotted 300,000 new attack variants so far this year. SonicWall’s recently announced Capture Cloud Platform is designed to counter these rising threats.
SonicWall Capture Threat Network, which includes more than 1 million sensors across the world, recorded the following 2018 year-to-date attack data through September 2018:
- 8.5 billion malware attacks (54 percent increase from 2017)
- 2.9 trillion intrusion attempts (49 percent increase)
- 262.4 million ransomware attacks (108 percent increase)
- 1.9 million encrypted threats (56 percent increase)
In September 2018 alone, the average SonicWall customer faced:
- 1,662 malware attacks (24 percent decrease from July 2017)
- 791,015 intrusion attempts (19 percent increase)
- 56 ransomware attacks (99 percent increase)
- 70.9 encrypted threats (61 percent decrease)
- 10 phishing attacks each day (92 percent decrease)
Windows 10 re-releases the October 2018 patch which was delayed for over a month
Hey friends It’s Patch Tuesday and Microsoft’s Windows 10 October 2018 Update version 1809 had a horrible release last time. Good news is that they have resolved a number of issues with this re-release update.
This was an update that had to be immediately halted because the update could cause you to loose files and have other random glitches.
Remember before pushing this update to your system to check your storage. Read last months article for details.
Windows 10 October 2018 update:
https://patrickdomingues.com/2018/10/20/october-2018-windows-10-update/… Read the rest
Mass Email Campaign Spreading The Emotet Banking Trojan
There is another large-scale spam campaign going to spread the Emotet banking trojan. The Emotet banking trojan is mostly used as the dropper for other payloads like ICedID, Trickbot, Zeus Panda Banker and a few others. These infections can scan and harvest different types of sensitive information, scan email 180 days back, have the ability to open firewall ports and it can spread around in the network like a worm.
So how is this infection infiltrate a network? Well this infection comes in as an email with an attachment being a word doc or pdf doc. When you open up the document and click on a link and allow it to run that’s when you have compromised the system and potentially the entire network.
Do you have the best AV around? Sometimes that doesn’t help there are new variants of this Emotet payload being created every day and it can … Read the rest
Growing Botnet Uses 5 Year Old Router Flaw
A brand new botnet which is a variant of the BCMUPnP_Hunter is taking advantage of this 5 year router flaw and 360 Netlab research shows that hundreds and thousands of of bots have already seeded themselves into routers. This same bot takes advantage of the same vulnerability that was discovered in 2013 ( BroadCom UPnp Vulnerability ).
Once the targeted router has been taken over the hacker can make Proxy changes to the next work profit from scripting simulation clicks and using mail servers like Outlook, Hotmail, and Yahoo mail just to take a few to send massive amounts of spam from your network.
Affected Router Brands Are:
- D-Link,
- Linksys,
- Technicolor router,
- Netgear
- Asus
- Trendnet
- Belkin
- TP-Link,
- ZTE,
- Zyxel,
- NetComm,
- ISP CenturyLink Routers
You may want to look up your router model and see if you are affected. Contact me on Linkedin, Twitter or through email if you need assistance … Read the rest
A New Intel CPU Exploit which uses Hyper-threading to steal encrypted data
A New Intel CPU Exploit : As if the Intel CPU couldn’t catch a break. A team of researches discovered a serious side-channel vulnerability in the CPU which could allow the attacker to find protected data like OPENSSL keys, Cypto Keys, Passwords and other processes that are running but only if the CPU has multi-threading feature enabled. They have dubbed the Vulnerability PortSmash (CVE-2018-5407), This Vulnerability is just as dangerous as the Meltdown and Spectre, TLbleed and Foreshadow.
So how do you protect yourself for the PortSmash vulnerability? The only method right now is to disable SMT/Hyper-Threading in the CPU chip’s BIOS until Intel releases security patches.
OpenSSL software is offering users a patch that can prevent the exploit from its own software.
- Tackling Shadow IT: The Unseen Network Security Risk
- How to Spot and Report Cybercrime Effectively
- IT Management Strategies For Startups
- 3 Common Mistakes in IT Operations You Can’t
Kraken Ransomware Adopts RaaS Model
The author of Kraken Ransomware has adopted the ransomware-as-a-service (RaaS) Model. In the Dark Web you can find more details about joining the affiliate program which requires a small fee to be considered a trusted partner. The interesting part about this affiliate program is that you get about 70% to 80% of the earnings and requires little to no knowledge of the criminal of deployment or software coding. The developer gets enough kick back to continue updates to the software code. This means they can afford a bigger Dev Team and instead of updates and revisions of Kraken taking a week or two they can do it within a day or a matter of hours. This put Antivirus providers on their toes day to day. I believe the integration of some sort of AI intelligence must play a roll here to combat these Zero Day ransomware infections. Regardless no matter … Read the rest
Loading ...