Happy Halloween, skip the Pumpkin Spice, how about some Pumpkin Locky instead?

I was drawn to this article due to its holiday theme, but there's more to it than just pumpkins. It really discusses the current state of Ransomware. There has been about a 2 week lull in new Ransomware campaigns, which shows the bad guys like a little time off from work also. Also with Locky and other  Ransomware, they are not re-inventing the wheel, they are constantly tweaking and updating previous versions to get past defenses . A Benjamin Franklin quote mentioned by the author of the article that I never heard before, but applicable to our line work, "Distrust and caution are the parents of security".

Happy Halloween, skip the Pumpkin Spice, how about some Pumpkin Locky instead?

I was drawn to this article due to its holiday theme, but there's more to it than just pumpkins. It really discusses the current state of Ransomware. There has been about a 2 week lull in new Ransomware campaigns, which shows the bad guys like a little time off from work also. Also with Locky and other  Ransomware, they are not re-inventing the wheel, they are constantly tweaking and updating previous versions to get past defenses . A Benjamin Franklin quote mentioned by the author of the article that I never heard before, but applicable to our line work, "Distrust and caution are the parents of security".

Happy Halloween, skip the Pumpkin Spice, how about some Pumpkin Locky instead?

I was drawn to this article due to its holiday theme, but there's more to it than just pumpkins. It really discusses the current state of Ransomware. There has been about a 2 week lull in new Ransomware campaigns, which shows the bad guys like a little time off from work also. Also with Locky and other  Ransomware, they are not re-inventing the wheel, they are constantly tweaking and updating previous versions to get past defenses . A Benjamin Franklin quote mentioned by the author of the article that I never heard before, but applicable to our line work, "Distrust and caution are the parents of security".

Leftover Factory Debugger Doubles as Android Backdoor

A new vulnerability was discovered for some Android devices called "Pork Explosion". The name caught my eye and made laugh. Its actually a backdoor on Android devices made by Foxconn in Taiwan. Foxconn forgot to turn off the debugging, so any competent hacker or the Government can access the data on that phone if they have physical access to it. I would like to order a side of Pork Explosion for IPhone please.

Unfortunately, there isn't a list of affected OEMs and smartphone models yet. You can look up who Foxconn manufactures devices for, Foxconn

 

Web based keylogger

Here's a new one, but not really surprising, a web based keylogger. Web based keylogger attacks have been around for awhile apparently, I didn't know that. There has been an ongoing campaign occurring since May of this year called Magecart.  Essentially the attackers inject the keylogger code directly into the website, which steals credit card and other information at checkout  on e-commerce websites. The attackers targeted several e-commerce platforms including Magento, Powerfront CMS and OpenCart and attacks against several payment processing services, such as Braintree and VeriSign. Practicing safe e-commerce has just got tougher.

Android Lockscreen Ransomware Amps Up Annoyance With Pseudorandom Passcodes

Not a fan of free apps since they require permissions to read your contacts, locations, memory cards etc. I still need to clean the crap I do have on my phone. I imagine the paid apps pull the same crap, I haven't looked in awhile.  So I found this article interesting, you can get infected with ransomware that hijacks your lock screen, if you download the wrong free app. No worries if you have the latest android OS,  Nougat, which blocks all apps from changing your lock code if you have already set one. The permission requests to look out for are permission to lock the screen, change device settings and overlay messages above other applications. I 'll admit I have been somewhat complacent ponder my cell' phones security, but I am somewhat aware  since I despise the requirements some of these free apps want , so I never install. Unfortunately there is still a lot of people that just click through without reading what they are accepting. You gotta ask yourself, are you one those click through without reading people?

Android Lockscreen Ransomware Amps Up Annoyance With Pseudorandom Passcodes

Not a fan of free apps since they require permissions to read your contacts, locations, memory cards etc. I still need to clean the crap I do have on my phone. I imagine the paid apps pull the same crap, I haven't looked in awhile.  So I found this article interesting, you can get infected with ransomware that hijacks your lock screen, if you download the wrong free app. No worries if you have the latest android OS,  Nougat, which blocks all apps from changing your lock code if you have already set one. The permission requests to look out for are permission to lock the screen, change device settings and overlay messages above other applications. I 'll admit I have been somewhat complacent ponder my cell' phones security, but I am somewhat aware  since I despise the requirements some of these free apps want , so I never install. Unfortunately there is still a lot of people that just click through without reading what they are accepting. You gotta ask yourself, are you one those click through without reading people?