What is a social engineering attack? In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that …
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system. Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates: a) Elastic Services Controller Unauthorized Access Vulnerability – cisco-sa-20170705-esc2 b) Ultra Services Framework …
Joomla has released version 3.7.3 of its Content Management System software to address several vulnerabilities: a) Core – Information Disclosure affecting Joomla 1.7.3-3.7.2 b) Core – XSS Vulnerability affecting Joomla 1.7.3-3.7.2 c) Core – XSS Vulnerability affecting Joomla 1.5.0-3.6.5 Further information on these vulnerability updates and fixes can be found on the Joomla Website at …
The Petya Ransomware successfully infected several industries including banks as well as media outlets, energy companies, power and utilities, telecoms, life sciences, transportation government agencies, airports and radiation monitoring equipment within the Chernobyl power plant. While Ukraine seems to have been the first and hardest hit, other organizations across the globe were affected. We are …
After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was …
When a ransomware outbreak exploded from Ukraine across Europe yesterday, disrupting companies, government agencies, and critical infrastructure, it at first appeared to be just another profit-focused cybercriminal scheme—albeit a particularly vicious and damaging one. But its origins in Ukraine raised deeper questions. After all, shadowy hackers have waged a cyberwar there for years, likely at …
Date First published: 27/6/2017 1.0 Introduction Discovered: June 27, 2017 Updated: June 27, 2017 12:30pm Type: Ransomware Infection Length: Varies Systems Affected: Client Computers, Servers, Websites This is an alert from TTCSIRT that there are early signs of a new ransomware outbreak currently affecting a large number of countries across the globe such as the …
The Internet Crime Complaint Center (IC3) has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3. Business Email Compromise (BEC), ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and around the world. The report is available on the TTCSIRT …
Industrial companies from around the world have been targeted in phishing attacks believed to have been launched by cybercriminals located in Nigeria, Kaspersky Lab reported on Thursday. In October 2016, Kaspersky’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT) noticed a significant increase in malware infection attempts aimed at industrial organizations in the metallurgy, …
Why does cybersecurity extend beyond computers? Actually, the issue is not that cybersecurity extends beyond computers; it is that computers extend beyond traditional laptops and desktops. Many electronic devices are computers—from cell phones and tablets to video games and car navigation systems. While computers provide increased features and functionality, they also introduce new risks. Attackers …