Articles on this Page
- 07/01/14--13:08: _A successful Gartne...
- 07/11/14--09:12: _New Study Reveals D...
- 07/17/14--08:15: _Cryptolocker is not...
- 07/25/14--07:15: _Critroni/Onion – Ne...
- 07/30/14--09:30: _A Look at PC Gamer ...
- 08/06/14--10:35: _8 Tips to Stay Safe...
- 08/14/14--08:15: _ZeroLocker
- 08/25/14--14:01: _Sony’s PSN Network ...
- 08/28/14--09:22: _A Primer on BitCoin
- 09/02/14--17:24: _The Weekend of Nude...
- 09/05/14--08:15: _Cryptographic Locker
- 09/09/14--15:59: _Apple’s Sept 9 Even...
- 09/10/14--13:00: _5 million GMail acc...
- 09/29/14--08:21: _‘Bash’ Shellshocks ...
- 10/06/14--16:21: _Son of a Breach! Ca...
- 11/06/14--15:29: _What To Know About ...
- 11/07/14--08:15: _We analyze Cryptobo...
- 11/12/14--11:30: _A Recap of the JP ...
- 11/14/14--08:32: _CoinVault
- 11/18/14--15:51: _Safe Online Shoppin...
- 07/01/14--13:08: A successful Gartner Summit for Webroot
- 07/17/14--08:15: Cryptolocker is not dead
- 07/25/14--07:15: Critroni/Onion – Newest Addition to Encrypting Ransomware
- 07/30/14--09:30: A Look at PC Gamer Security
- 08/06/14--10:35: 8 Tips to Stay Safe Online
- 08/14/14--08:15: ZeroLocker
- 08/28/14--09:22: A Primer on BitCoin
- 09/05/14--08:15: Cryptographic Locker
- 09/09/14--15:59: Apple’s Sept 9 Event: New (and larger) iPhones and (gasp), a Watch!
- 09/10/14--13:00: 5 million GMail accounts breached, and I was one of them
- 09/29/14--08:21: ‘Bash’ Shellshocks the Internet – Here’s What You Should Know
- 10/06/14--16:21: Son of a Breach! Can Companies Just Safeguard Their Customers’ Data?
- 11/06/14--15:29: What To Know About Apple and WireLurker
- 11/07/14--08:15: We analyze Cryptobot, aka Paycrypt
- 11/12/14--11:30: A Recap of the JP Morgan Breach
- 11/14/14--08:32: CoinVault
Webroot, the market leader in cloud-based, real-time Internet threat detection, recently returned from the 20th annual Gartner Security and Risk Management Summit in National Harbor, Maryland. Attended by many of the world’s top business and IT professionals in industries ranging from finance to information technology to government, the focus of this year’s conference was enablement of an organization to move forward towards its objectives, while ensuring security and protection. The show’s theme at this year’s conference, “Smart Risk: Balancing Security and Opportunity”, summarized the challenges that many large companies are experiencing today, as they work to ensure the safeguarding of […]
In the new BYOD Security Report conducted by Webroot through first-of-its-kind research, Webroot examined the use and security of personal mobile devices in the work environment, looking at the prevalence of employee-owned devices. The initial survey, conducted in late 2013, explored the prevalence of employee-owned devices, how they are being secured, and employee concerns regarding company-mandated security programs. The second survey, conducted in March 2014, looked at how IT managers view the risk of employee-owned devices, the prevalence of formal mobile security policies, and the extent to which employee input is included in developing BYOD policies. Pulling from that report […]
The post New Study Reveals Disparities Between Corporate Mobile Security Policies and BYOD Practice appeared first on Webroot Threat Blog.
Recently in the news the FBI filed a status report updating on the court-authorized measures to neutralize GameOver Zeus and Cryptolocker. While the report states that “all or nearly all” of the active computers infected with GameOver Zeus have been liberated from the criminals’ control, they also stated that Cryptolocker is “effectively non-functional and unable to encrypt newly infected computers.” Their reasoning for this is that Cryptolocker has been neutralized by the disruption and cannot communicate with the command and control servers to receive instructions or send RSA keys after encryption. Read more here While seizing the majority of the […]
In my last blog post about a week ago, I talked about how Cryptolocker and the like are not dead and we will continue to see more of them in action. It’s a successful “business model” and I don’t see it going away anytime soon. Not even a few days after my post a new encrypting ransomware emerged. This one even targets Russians! Presenting Critroni (aka. Onion) This newest edition of encrypting ransomware uses the same tactics of contemporary variants including: paying through anonymous tor, using Bitcoin as the currency, changing the background, dropping instructions in common directories on how to pay the scam. […]
The post Critroni/Onion – Newest Addition to Encrypting Ransomware appeared first on Webroot Threat Blog.
In the new study on security and PC gamers, Webroot found that many gamers sacrifice their protection to maximize system performance and leave themselves vulnerable to phishing attacks and gaming-focused malware. The study also provides tips for protecting gaming credentials and safeguarding against phishing attacks. Webroot PC Gamer Security Study Findings: 47% experienced an online attack with 55% of the attacks impacting system performance. 35% of PC gamers choose not to use security or rely on free clean-up tools. “Does not slow down system performance” ranked among the most important security program characteristic to gamers and Webroot has the first […]
Yesterday, the New York Times published an exclusive story on what many are stating to be the largest series of hacks ever, all revealed by Hold Security in their latest report. With a report of over 1.2 billion unique username-password combinations and over 500 million e-mail addressed amassed by a Russian hacker group dubbed CyberVol (vol is Russian for thief). While the reactions among the security industry are mixed, with some researchers raising a few questions of the masterwork behind the hack, the story does bring to the public’s attention the necessity of strong, personal, online security policies for all […]
Recently in the news we saw FireEye and Fox-IT provide the ability to decrypt files encrypted by older crpytolocker variants. They used the command and control servers seized by the FBI during operation Tovar. Since they have access to those RSA keys they essentially have the password required for every single file encrypted by a Cryptolocker variant that used Evgeniy Bogachev’s botnet. That is a major portion of the traditional red GUI cryptolocker that became famous. Any previous victims from these variants that still have encrypted files left on their machine should be able to decrypt them with ease. All they have to do is […]
Sony had a rough weekend. And not just Sony; last weekend wasn’t the best time to be a gamer. Here’s the skinny… Early yesterday morning, Sony’s PlayStation Network (PSN for short) was hit with a massive Distributed Denial of Service (DDoS) attack, causing it to crash temporarily and hamper online play for many PlayStation gamers. (Source: Google Images) Sony Online Entertainment President John Smedley quickly took to Twitter to let users know about the attack before tweeting that he’d be offline for three hours as he flew back to San Diego from Dallas on AA Flight #362. Well, not long […]
The post Sony’s PSN Network Haymaker’d by DDoS Attack; Exec’s Plane Grounded Over Bomb Threat appeared first on Webroot Threat Blog.
Editors Note: One day, we found ourselves discussing the security of bitcoin, only to realize that many readers may not truly understand the digital currency. Luckily, a team member’s father, Eoin Meehan, is well versed in the subject and has submitted a guest blog to help everyone understand this popular form of cryptocurrency. Bitcoin is a cryptocurrency, reportedly designed by Satoshi Nakamoto in 2008. To fully understand how it works we must look at how “ordinary” currencies work. To quote Sheldon Cooper “It was a warm, summer’s evening in ancient Greece …” Well, no, we don’t need to go back […]
What do celebrities (mostly young and female), 4chan, hackers, Bitcoin, and iCloud have in common? They’re all ingredients of a scandalous Labor Day Weekend, one that was filled with celebrity ‘skin’, outrage, confirmation (and denial)…and now an FBI investigation into the crazy incident that has everyone talking. But is it the ultimate internet scandal or a sobering reality of the importance of safeguarding your content to reduce the risk of it being stolen? Both. Before we go into that, however, in a nutshell (and in case you don’t know by now), here’s what happened: On Sunday, users of the often-controversial message-board 4chan, saw […]
The post The Weekend of Nude Celebrity Selfies, iCloud, and How to Protect Your Personal Info appeared first on Webroot Threat Blog.
It seems as though every few weeks we see a new encrypting ransomware variant. It’s not surprising either since the business model of ransoming files for money is tried and true. Whether it’s important work documents, treasured wedding pictures, or complete discographies of your favorite artists, everyone has valuable data they don’t want taken. This is the last thing anyone wants to see. This variant does bring some new features to the scene, but also fails at other lessons learnt by previous variants. Starting with the new features this variant will now just “delete” the files after encrypting them (it just […]
Well, September 9th is here, and the launch of Destiny, one of the most (if not the most) anticipated video games ever, isn’t the only major piece of news coming out of the tech world today. You may have heard that one Cupertino fruit-logo’d tech company had an event today. And now the details of Apple’s next big(ger) things are official. Initial takeaway? They’re pretty in-line with the the rumors that have been swirling around for months now. In other words, people got a lot of what they were expecting. Is that a good or bad thing? Depends on what camp you’re in. Probably. […]
The post Apple’s Sept 9 Event: New (and larger) iPhones and (gasp), a Watch! appeared first on Webroot Threat Blog.
There is a bit of irony in this blog post, if you will. Over my time at Webroot, I have become a major advocate and vocal evangelist of digital security, from talking about major level breaches to sharing my experiences with dating-website scams. My work has focused around the education of those who will listen and read my work on the value of keeping one’s self safe at home, work, and while traveling. Like many others, I never thought (often quite ignorantly) that my information could get out there in a breach. And if it did, I was sure I […]
The post 5 million GMail accounts breached, and I was one of them appeared first on Webroot Threat Blog.
Update: Apple has patched the Bash bug. For more info (including links to download the updates on your Mac), check out this TechCrunch report. As of last week, there’s a new security bug in the news, and it’s wreaking havoc on the Internet. (Source: Macworld/Errata Security) Discovered by Stephane Chazelas, a security researcher for Akamai (who revealed the bad news to the world last Thursday), the ‘Bash bug, or ‘Shellshock’, is a particularly nasty vulnerability affecting the Bourne-Again Shell (thus the Bash acronym) of certain versions of the Unix and Linux operating systems. Yes, that includes derivatives like the Mac OS. In other words, […]
The post ‘Bash’ Shellshocks the Internet – Here’s What You Should Know appeared first on Webroot Threat Blog.
Just when consumers were starting to regain some company trust and safe-shopping stability after last year’s massive Target breach, a string of new large-scale company breaches quickly reminded us consumers just how insecure our personal data can be. Needless to say, it’s been a rough year for some major companies and an even rougher year for thousands of unlucky customers. Let’s look at three of the major breaches of the last couple of months. Home Depot (Source: Krebs On Security) Early last month, reports started coming in that the home improvement giant was investigating “some unusual activity with regards to its customer data.” Security […]
The post Son of a Breach! Can Companies Just Safeguard Their Customers’ Data? appeared first on Webroot Threat Blog.
Everyone’s heard the saying ‘Macs aren’t malware-proof’, right? Oh, you haven’t? Count me not surprised. It could be due to the fact that that’s not an actual saying, but the more likely reason is that there is a deep-rooted belief among Apple users that Apple products and services are somehow, by default, impervious to viruses, malware, hackers, etc. Allow me to reiterate: THEY’RE NOT! Need proof? Well, we could look back two years ago to Dexter (not the hit Showtime show). Or let’s rewind to early this year, when researchers learned that Macs were still vulnerable to 2011′s famous ‘Flashback Trojan’? […]
There is a clear trend that every year there are bigger targets compromised with increased frequency with more personal data being collected. The recent attack on JP Morgan Chase is especially alarming considering they are the largest US bank and hackers had gained access to numerous servers with administrative access for nearly a month before being detected. According to reports, JP Morgan Chase account details for every consumer and business customer, including to name, address, email address and phone number, were compromised. Fortunately more specific details such as account numbers, social security numbers (SSNs) and passwords were not accessed. This […]
Today we encountered a new type of encrypting ransomware that looks to be of the cryptographic locker family. It employs the same method of encryption and has a very similar GUI (kills VSS, increases required payment every 24hr, uses bitcoin payment, ect.). Here is the background that it creates – also very similar. What’s unique about this variant that I wanted to share with you all is that this is the first Encrypting Ransomware that I’ve seen which actually gives you a free decrypt. It will let you pick any single file that you need after encryption and will decrypt […]
The holiday season is almost upon us, which means the holiday shopping season is also almost upon us. And as always, it’s bound to be a crazy time of scrambling for the biggest and best deals, both in stores and online. But while your wallet is destined to take a hit as you stack up on gifts for your family and friends, you want to make sure cybercrooks don’t make your list of people who will be receiving presents this year. Sadly, with 2014 being labeled by some as ‘The Year of the Hack’, it may be easier for them than ever […]
The post Safe Online Shopping, Happy Online Shopping – 5 Security Tips for the Holiday Season appeared first on Webroot Threat Blog.