Monthly Archives: March 2017
Tricksy Bugs In Zscaler Admin Portal Let You Ruin A Coworkers Day
Netflix target of cybercriminals
http://www.pandasecurity.com/mediacenter/src/uploads/2017/03/pandasecurity-netflix-phishing-ransomware.jpg
Netflix Accounts Are Being Used In Cyber Scams
Netflix has enjoyed huge success over the last couple of years. As stated in the company’s overview, they have over 93 million members in over 190 countries enjoying more than 125 million hours of TV shows and movies per day.
Not bad for a company that started out during the declining years of physical entertainment, renting out DVD’s by mail.
Unfortunately, success often comes at a cost. Along with the adulation and well wishing, it often garners other types of, unwanted, attention. In the case of Netflix, this attention, as you can imagine, is increasingly coming from malicious cybercriminals.
What exactly are they doing though?
How They Can Get You
Cybercriminals are using several methods to breach vulnerabilities in people’s accounts. People who are probably too busy binge watching shows like Black Mirror to know what’s going on. Oh the irony!
Among the methods these cybercriminals are reportedly using are the theft of user credentials that can be sold on the deep web, the exploiting of vulnerabilities, and most recently, the infecting of systems with Trojans capable of stealing the user’s financial and personal information.
What could a cybercriminal do with stolen user information though?
They could be sold on to other cybercriminals wanting to use the service for free. There’s another layer to the equation. A double-crossing of sorts; the lure of a free account could be used to trick someone into installing malware or ransomware onto their laptop.
Cybercriminals using details in this way can make a profit out of the initial selling of the information as well as by taking hostage of the same persons data. Never trust a criminal.
Trend Labs Security recently came across a ransomware luring Windows users via a pirate login generator. This is a typical way illegal websites share premium and paid for website details for free, as shown below.
Clicking the “Generate Login” button in this case leads to another prompt window that purportedly contains the stolen information of a genuine Netflix account. RANSOM_NETIX.A uses these fake windows as a distraction, however, all the while performing its encryption routine on 39 files, unbeknownst to most users.
The ransomware is employed using an AES-256 encryption algorithm and appends the files with the .se extension. As can be seen below, the ransom note demands $100 worth of Bitcoin (0.18 BTC).
This is actually relatively little, as ransomware demands go, some iterations demanding $500 dollars within a very short time frame. Others even ask you to infect your friends with ransomware in order to decrypt your information.
How Can You Keep Yourself Safe?
There are, of course, two victims in this ransomware scam; those who are unknowingly having their details used to lure the other type of victim, and the other one who receives the ransomware.
The first type of victim can perform a simple action if they suspect they’re account is being used illegally. Look through the “recently watched” section of your Netflix account to see if any shows are popping up that you haven’t seen. For this reason it’s good practice not to share your account with many people, however tempting it may be to allow friends or family in on the action.
It’s also good practice to stick to your provider’s security recommendations. As always, be wary of unsolicited emails pretending to offer legitimate services. A good antivirus, of course, can also act as a barrier to certain types of malware and cyber attacks.
For the second type of victim, the advice is simple; pay for the service. The ten euros a month in savings really won’t seem so great when the device it’s used on, and everything on it, is at the mercy of cybercriminals.
The post Netflix target of cybercriminals appeared first on Panda Security Mediacenter.
Dridex Banking Trojan Gains ‘AtomBombing’ Code Injection Ability to Evade Detection
Security researchers have discovered a new variant of Dridex – one of the most nefarious banking Trojans actively targeting financial sector – with a new, sophisticated code injection technique and evasive capabilities called “AtomBombing.”
On Tuesday, researchers with IBM X-Force disclosed new research, exposing the new Dridex version 4, which is the latest version of the infamous financial
Million-Plus WordPress Sites Exposed by Vulnerable Plugin
The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.
9 Popular Password Manager Apps Found Leaking Your Secrets
Is anything safe? It’s 2017, and the likely answer is NO.
Making sure your passwords are secure is one of the first line of defense – for your computer, email, and information – against hacking attempts, and Password Managers are the one recommended by many security experts to keep all your passwords secure in one place.
Password Managers are software that creates complex passwords, stores
libXdmcp-1.1.2-5.fc24
Security fix for CVE-2017-2625
libXdmcp-1.1.2-5.fc25
Security fix for CVE-2017-2625
libICE-1.0.9-8.fc24
Security fix for CVE-2017-2626
THN Deal: Complete Linux Certification Training (Save 97%)
If you are also searching for the answers to what skills are needed for a job in cyber security, you should know that this varies widely based upon the responsibilities of a particular role, the type of company you want to work with, and especially on it’s IT architect.
However, Linux is the most required skills in information technology and cyber security, as Linux are everywhere!
Whether