One thing led to another, we did not publish any weekly round-up last week. My sincere apologies.
Introduction
Welcome to the weekly round-up of security news from around the Web. I hope your week was fine.
This week round-up is mostly about hacking.
Top sites infiltrated with credit card skimmers and crypto miners
Credit card skimmers steal credit card details on an infected website and crypto miners consumes lots of computer resources (legitimately or not).
This duo seems to have found their way into top sites ranked by Alexa.
Excerpt from the article:
An investigation into the top 10,000 Alexa sites reveals that many of these popular were infected with cryptocurrency miners and credit card skimming scripts.
New Jersey hospital paid ransomware gang $670K to prevent data leak
The hackers got in via phishing.
Excerpt from the article:
After a sample of the hospital's private stolen data was published on SunCrypt's data leak site, the hospital contacted the threat actors via their Tor payment site, where they were told that the ransom was $1.7 million. The attackers told them that this ransom, though, "is negotiable due to COVID-19 situation."
As UHNJ only had two servers encrypted, they were more concerned about the releasing of patient's data and were willing to pay a ransom to prevent it from being released any further.
Online avatar service Gravatar allows mass collection of user info
If you use WordPress there is high chance that you've heard of Gravatar. Though Gravatar data are publicly available but not in the way demonstrated by security researcher Carlo Di Dato.
Excerpt from the article:
While data provided by Gravatar users on their profiles is already public, the easy user enumeration aspect of the service with virtually no rate limiting raises concerns with regards to the mass collection of user data.
New ransomware vaccine kills programs wiping Windows shadow volumes
The vaccine was created by Florin Roth but it still has a long way to go.
Excerpt from the article:
A new ransomware vaccine program has been created that terminates processes that try to delete volume shadow copies using Microsoft's vssadmin.exe program.
New Flaws in Top Antivirus Software Could Make Computers More Vulnerable
What happens when the protector needs protection?
Excerpt from the article:
The bugs impact a wide range of antivirus solutions, including those from Kaspersky, McAfee, Symantec, Fortinet, Check Point, Trend Micro, Avira, and Microsoft Defender, each of which has been fixed by the respective vendor.
Chief among the flaws is the ability to delete files from arbitrary locations, allowing the attacker to delete any file in the system, as well as a file corruption vulnerability that permits a bad actor to eliminate the content of any file in the system.
8 tips to tighten up your work‑from‑home network
Due to the COVID-19 pandemic most people are working from home thereby connecting their home network to their company's network. But is their home network secure? The article shares some tips.
Excerpt from the article:
Every time you hook up a poorly-protected device to your network, you run the risk that crooks will find it, probe it, attack it, exploit it and – if things end badly – use it as a toehold to dig into your digital life.
55 New Security Flaws Reported in Apple Software and Services
The title says it all.
Excerpt from the article:
The flaws — including 29 high severity, 13 medium severity, and 2 low severity vulnerabilities — could have allowed an attacker to "fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources."
That's it for this week, I'll see you next Friday.
Cover photo by Jazmin Quaynor on Unsplash.
Top comments (0)