Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Gigabyte Firmware Flaws Allow the Installation of Ransomware

Now, here is an interesting one. Gigabyte BRIX are very small computers, similar to Intel NUCs, that can be used to replace those bulky desktop towers. I am using Intel NUCs myself at the house and the office.

Well, these small devices have no hard disk and everything lives in different types of memory. At the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed two vulnerabilities in the firmware of Gigabyte devices, which allow an attacker to write malicious content to the UEFI firmware.

Samas Ransomware Deletes Veeam Backups, And Maybe Yours Too...

This month, a user on the community forums of Veeam, the Atlanta-based 500 million-dollar backup company, reported that they were hit with Samas ransomware. I am giving you the short version here:

"On 2/7 we were hit with Samas Ransomware. Of course I freaked but I felt confident driving into work that I was ok with backups. I used Veeam to backup all my servers to two CIFS folders on 2 different Drobos on campus. We are a Private School with a small Tech budget and we get by with what we can. 

"The server itself got wiped with Samas, but I still felt confident. I looked in the Veeam_Backups folder a few times on both Drobos and both were empty, but I figured it was just a permission issue or something. I wasn't that worried.

Scam Of The Week: The Evil Airline Phishing Attack

Our friends at Barracuda run their Email Threat Scanner over hundreds of thousands of customer mailboxes and have discovered a highly effective phishing attack that tricks a whopping 90% of the victims. You need to tell your users about this right away.

This evil airline phishing attack combines all "criminal best-practices" to steal credentials and drop malware on disk, which is then used to hack further into your network.

SecureWorks Exposes Phishing Russian Hacker Gang APT28

Atlanta-based SecureWorks has a Counter Threat Unit which has been closely watching the Russian hacker gang APT28 over the last few years and released brand new research. This group of criminal hackers is also known as Pawn Storm, Sofacy, Strontium, Fancy Bear, and SecureWorks calls them "IRON TWILIGHT".  

Proofpoint: "45% Surge In CEO Fraud" And Domain Spoofing Even Higher [infoGraphic]

CEO Fraud, aka Business Email Compromise (BEC), is skyrocketing. Proofpoint recently conducted research into these types of attacks across more than 5,000 enterprise customers. Their research shows a clear acceleration in attack sophistication and volume. 

KnowBe4 Appoints Former Gartner Research Analyst Perry Carpenter as Chief Evangelist and Strategy Officer

Perry Carpenter, former Research Director, Security & Risk Management and esteemed analyst at Gartner, has joined KnowBe4 as Chief Evangelist and Strategy Officer. As the provider of the most popular platform for security awareness training and simulated phishing, KnowBe4 developed this new role to strengthen innovation and lead efforts to evolve how the human element of security is approached. Carpenter brings a unique point of view to help KnowBe4 and its customers achieve an even higher degree of success and effectiveness.

Chinese Hackers Use Fake Cellphone Tower to Spread Android Banking Trojan

Check Point Software blogged about Chinese hackers who have taken smishing to the next level, using a rogue cell phone tower to distribute Android banking malware via spoofed SMS messages.

Does DoubleAgent Turn Antivirus Into Malware? We Are Calling BS On That.

It was all over the press. Initially reported by BleepingComputer and picked up by sites like Engadget, they all went gaga over a new technique that allows the bad guys to take over your computer by "turning your antivirus into malware." Here is an example snippet:

Ransomware Is Skyrocketing, But Where Are All The Breach Reports?

More than 4,000 ransomware attacks occur daily and healthcare is the largest target. However, despite disclosure requirements and the risk of late or no HIPAA notification at all, breach reporting simply doesn’t match up.

I found some interesting data in a new survey by Healthcare IT News and HIMSS Analytics that showed more than half of hospitals were hit with ransomware from April 2015 to April 2016, but breach reporting to the OCR was practically non-existent.
