Cyber crime is likely to increase, despite the best efforts of government agencies and cyber security experts. Its growth is being driven by the expanding number of services available online and the increasing sophistication of cyber criminals who are engaged in a cat-and-mouse game with security experts. With the right level of preparation and specialist external assistance, it is possible to control damages, and recover from a cyber breach and its consequences.

A new variant of the Jaff ransomware was discovered by security researcher Brad Duncan that includes an updated design for the ransom note and the new WLU extension for encrypted files. Like the first variant of Jaff, this new version continues to be distributed through MALSPAM campaigns that utilize malicious documents and macros to download and install the ransomware.

Read More

As everyone expected, scammers are attempting to cash in on the mass hysteria currently surrounding the WannaCry ransomware outbreak, a mass-infection took place over the weekend of May 12 and 14, and whose effects we still feel today. While the WannaCry attacks have been stopped thanks to a British researcher named MalwareTech, the ransomware’s virulent attacks have made everyone take notice.

Read More

A popular font sharing site DaFont.com has been hacked, exposing the site’s entire database of user accounts. Usernames, email addresses, and hashed passwords of 699,464 user accounts were stolen in the breach, carried out earlier this month, by a hacker who would not divulge his name.The passwords were scrambled with the deprecated MD5 algorithm, which nowadays is easy to crack. As such, the hacker unscrambled over 98 percent of the passwords into plain text. The site’s main database also contains the site’s forum data, including private messages, among other site information. At the time of writing, there were over half-a-million posts on the site’s forums.

Read More

NAND flash memory chips, the building blocks of solid-state drives (SSDs), include what could be called “programming vulnerabilities” that can be exploited to alter stored data or shorten the SSD’s lifespan. During the past few years, SSDs have slowly replaced classic disk-based HDDs as the prime storage medium for the world’s data, taking over not only in data centers, but our phones, tablets, laptops, and desktop PCs.

Read More

Ways to protect against hackers

Hackers are a scary bunch—whether working as part of a criminal syndicate or an idealist with a political agenda, they’ve got the knowledge and the power to access your most precious data. If hackers want to target a particular company, for example, they can find vast amounts of information on that company just by searching the web. They can then use that info to exploit weaknesses in the company’s security, which in turn puts the data you’ve entrusted to that company in jeopardy.

Think of your home computer as a company. What can you do to protect it against hackers? Instead of sitting back and waiting to get infected, why not arm yourself and fight back?

1. Update your OS and other software frequently, if not automatically. This keeps hackers from accessing your computer through vulnerabilities in outdated programs. For extra protection, enable Microsoft product updates so that the Office Suite will be updated at the same time. Consider retiring particularly susceptible software such as Java or Flash.
2. Download up-to-date security programs, including antivirus and anti-malware software, anti-spyware, and a firewall (if your OS didn’t come pre-packaged with it). To trick even the most villainous hackers, consider investing in anti-exploit technology, such as Malwarebytes Anti-Exploit, so you can stop attacks before they happen.
3. Destroy all traces of your personal info on hardware you plan on selling. Consider using d-ban to erase your hard drive. For those looking to pillage your recycled devices, this makes information much more difficult to recover. If the information you’d like to protect is critical enough, the best tool for the job is a chainsaw.
4. Do not use open wifi; it makes it too easy for hackers to steal your connection and download illegal files. Protect your wifi with an encrypted password, and consider refreshing your equipment every few years. Some routers have vulnerabilities that are never patched. Newer routers allow you to provide guests with segregated wireless access. Plus, they make frequent password changes easier.
5. Speaking of passwords: password protect all of your devices, including your desktop, laptop, phone, smartwatch, tablet, camera, lawnmower…you get the idea. The ubiquity of mobile devices makes them especially vulnerable. Lock your phone and make the timeout fairly short. Use fingerprint lock for the iPhone and passkey or swipe for Android. “It’s easy to forget that mobile devices are essentially small computers that just happen to fit in your pocket and can be used as a phone,” says Jean-Philippe Taggart, Senior Security Researcher at Malwarebytes. “Your mobile device contains a veritable treasure trove of personal information and, once unlocked, can lead to devastating consequences.”
6. Sensing a pattern here? Create difficult passwords and change them frequently. In addition, never use the same passwords across multiple services. If that’s as painful as a stake to a vampire’s heart, use a password manager like LastPass. For extra hacker protectant, ask about two-step authentication. Several services have only recently started to offer two-factor authentication, and they require the user to initiate the process. Trust us, the extra friction is worth it. Two-factor authentication makes taking over an account that much more difficult, and on the flip side, much easier to reclaim should the worst happen.
7. Come up with creative answers for your security questions. People can now figure out your mother’s maiden name or where you graduated from high school with a simple Google search. Consider answering like a crazy person. If Bank of America asks, “What was the name of your first boyfriend/girlfriend?” reply “your mom.” Just don’t forget that’s how you answered when they ask you again.
8. Practice smart surfing and emailing. Phishing campaigns still exist, but hackers have become much cleverer than that Nigerian prince who needs your money. Hover over links to see the actual email address from which the email was sent. Is it really from the person or company claiming to send them? If you’re not sure, pay attention to awkward sentence construction and formatting. If something still seems fishy, do a quick search on the Internet for the subject line. Others may have been scammed and posted about it online.
9. Don’t link accounts. If you want to comment on an article and you’re prompted to sign in with Twitter or Facebook, do not go behind the door. “Convenience always lessens your security posture,” says Taggart. “Linking accounts allows services to acquire a staggering amount of personal information.”
10. Keep sensitive data off the cloud. “No matter which way you cut it, data stored on the cloud doesn’t belong to you,” says Taggart. “There are very few cloud storage solutions that offer encryption for ‘data at rest.’ Use the cloud accordingly. If it’s important, don’t.”