Monthly Archives: January 2017

Hotel ransomed by hackers as guests locked in rooms

The tide of ransomware is gaining momentum. We will definitely see a lot more high profile cases of ransomware in 2017. As cyber-physical barrier becomes more fluid, so too will cyberattacks.

One of Europe’s top hotels has admitted they had to pay thousands in Bitcoin ransom to cybercriminals who managed to hack their electronic key system, locking hundreds of guests in or out of their rooms until the money was paid.

Source: Hotel ransomed by hackers as guests locked in rooms

Eyes Above The Waves: Disable Your Antivirus Software (Except Microsoft’s)

Hear, hear. I’ve always regarding AV software by the usual suspects as bloatware and it’s always the first thing I uninstall on new machines that came with them. It’s ironic how the public – and shockingly some IT professionals – gives AV vendors a free pass just because they market themselves as a panacea to the malware out there.

At best, there is negligible evidence that major non-MS AV products give a net improvement in security. More likely, they hurt security significantly; for example, see bugs in AV products listed in Google’s Project Zero. These bugs indicate that not only do these products open many attack vectors, but in general their developers do not follow standard security practices. (Microsoft, on the other hand, is generally competent.)

Source: Eyes Above The Waves: Disable Your Antivirus Software (Except Microsoft’s)

AWS and Azure in Plain English

If you are not an architect-level user of AWS you will probably be lost in the ever growing list of AWS services. The non-obvious names (Cognito, Athena, anyone?) for the services doesn’t help. Now someone is attempting to provide a – sometimes tongue-in-cheek – explanation of those services. Well, it’s not exactly plain english, but good attempt anyway. An Azure version is also available.

  1. AWS in Plain English
  2. Azure in Plain English

Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited

Phishing attacks are getting more creative, relying on moments of weakness in human perception. The tried-and-tested phishing method normally includes the domain name of the target site as part of the URL (eg. paypal.com-privacyprotection.com) and hope that the user doesn’t notice the actual domain (com-privacyprotection.com). This method takes it to another level ‘cos you will see the actual URL of the target site.

A new phishing technique that affects GMail and other services and how to protect yourself.

Source: Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited

Ransomware Spreading Onto Smart TVs, Is A Pain To Fix

Oh yes. Smart TVs. We should really be looking at it as a computer with a large screen – which happens to be running Android OS most of the time. Needless to say malware/ransomware that “works” for existing Android devices will seamlessly work in the Smart TV.

Streaming TV has been a boon for consumers. Programming is everywhere, right at our fingertips, as soon as we get our screens online. But that connectivity comes with a big…

Source: Ransomware Spreading Onto Smart TVs, Is A Pain To Fix

Online databases dropping like flies, with >10,000 falling to ransomware

The first story of ransomware in 2017. We’re likely to see more stories about ransomware given its lucrativeness – people/organizations are quite willing to pay a “small” fee to get their data back. This in turns encourages more cybercriminals to turn to ransomware. The rise of cryptocurrencies like Bitcoin also helps to facilitate this as it makes it hard to trace the perpetrators.

More than 10,000 website databases have been taken hostage in recent days by attackers who are demanding hefty ransoms for the data to be restored, a security researcher said Friday.

Source: Online databases dropping like flies, with >10,000 falling to ransomware